Abstract. We present a labelled sequent calculus for Boolean BI (BBI),
a classical variant of the logic of Bunched Implication. The calculus is
simple, sound, complete, and enjoys cut-elimination. We show that all
the structural rules in the calculus, i.e., those rules that manipulate labels
and ternary relations, can be localised around applications of certain logical
rules, thereby localising the handling of these rules in proof search.
Based on this, we demonstrate a free variable calculus that deals with
the structural rules lazily in a constraint system. We propose a heuristic
method to quickly solve certain constraints, and show some experimental
results to confirm that our approach is feasible for proof search. Additionally,
we show that different semantics for BBI and some axioms in
concrete models can be captured by adding extra structural rules.



1 Introduction 

The logic of bunched implications (BI) was introduced to reason about resources
using additive connectives $\land$, $\lor$, $\top$, $\bot$, and multiplicative connectives $\top^*$, $*$,
$-\!*$ [13]. Both parts are intuitionistic so BI is also Intuitionistic logic (IL) plus
Lambek multiplicative logic (LM). Changing the additive part to classical logic
gives Boolean BI (BBI). Replacing LM by multiplicative classical linear logic
gives Classical BI (CBI). BI logics are closely related to separation logic [IB], a
logic for proving properties of programs. Thus, the semantics and proof theory
of BI-logics, particularly for proof search, are important in computer science.

The ternary relational Kripke semantics of BBI-logics come in at least three
different flavours: non-deterministic (ND), partial deterministic (PD), and total
deterministic (TD) [S]. These semantics give different logics w.r.t. validity, i.e.,
$BBI_{ND}$, $BBI_{PD}$, $BBI_{TD}$ respectively, and all are undecidable [3,9]. The purely
syntactic proof theory of BBI also comes in three flavours: Hilbert calculi [15,5],
display calculi [1] and nested sequent calculi [14]. All are sound and complete
w.r.t. the ND-semantics [5,1,14].

In between the relational semantics and the purely syntactic proof theory
are the labelled tableaux of Larchey-Wendling and Galmiche which are sound
and complete w.r.t. the PD-semantics [8,7]. They remark that "the adaptation
of this tableaux system to $BBI_{TD}$ should be straightforward (contrary to
$BBI_{ND}$)" [ID]. We return to these issues in Section 5.



The structural rules of display calculi, especially the contraction rule on structures,
are impractical for backward proof search. Nested sequents also face similar
problems, and although Park et al. showed the admissibility of contraction in
an improved nested sequent calculus, it contains other rules that explicitly contract
structures. Their iterative deepening automated theorem prover for BBI
based on nested sequents is terminating and incomplete for bounded depths,
but complete and potentially non-terminating for an unbounded depth [14]. The
labelled tableaux of Larchey-Wendling and Galmiche compile all structural rules
into PD-monoidal constraints, and are cut-free complete for $BBI_{PD}$ using a potentially
infinite counter-model construction [7]. But effective proof search is only
a "perspective" and is left as further work [7, page 2].

Surprisingly, many applications of BBI do not directly correspond to its
widely used non-deterministic semantics. For example, separation logic models
are instances of partial deterministic models while "memory models" for BBI
are restricted to have indivisible units: "the empty memory cannot be split into
non-empty pieces". Our goal is to give a labelled proof system for BBI based
upon the ND-semantics which easily extends to the PD- and TD-semantics, and
also to these other, more "practical", semantics.

Our labelled sequent calculus $LS_{BBI}$ for BBI adopts some features from
existing labelled tableaux for BBI [8] and existing labelled sequent calculi for
modal logics [11]. Unlike these calculi, some $LS_{BBI}$-rules contain substitutions
on labels. From a proof-search perspective, labelled calculi are no better than
display calculi since they require extra-logical rules to explicitly encode the frame
conditions of the underlying (Kripke) semantics. Such rules, which we refer to
simply as structural rules, are just as bad as display postulates for proof search
since we may be forced to explore all potential models. As a step towards our goal,
we show that the applications of these structural rules can be localised around
logical rules. Thus these structural rules are only triggered by applications of
logical rules, leading to a purely syntax-driven proof search procedure for $LS_{BBI}$.

Our work is novel from two perspectives. Compared to the labelled tableaux
of Larchey-Wendling and Galmiche, we deal with the non-deterministic semantics
of BBI, which they have flagged as a difficulty, and obtain a constructive
cut-elimination procedure. Compared to the nested sequent calculus of Park et
al., our calculus is much simpler, and generally gives much shorter proofs. Note
that Park et al. actually gave a labelled variant of their nested sequent calculus,
with the same logical rules as ours. However, their structural rules are still just
notational variants of the original ones, which are lengthy and do not use ternary
relations. We also show that adding certain structural rules to $LS_{BBI}$ allows us
to obtain cut-free labelled calculi for all the other semantics mentioned above.

The rest of the paper is organized as follows. In Section 2 we present the
semantics of BBI, following [9], and our labelled sequent calculus $LS_{BBI}$. We
show that $LS_{BBI}$ is sound with respect to the semantics, and it is complete
indirectly via a Hilbert system for BBI [5] which is already shown complete.
In Section 3 we prove some important proof theoretic properties of $LS_{BBI}$:
invertibility of inference rules, admissibility of contraction, and more importantly,
cut-elimination. In Section 4 we discuss a permutation result for inference rules,
allowing us to isolate applications of structural rules during proof search. In
Section 5 we describe how to reduce proof search to constraint solving in a free-variable
sequent calculus. We give a heuristic method for solving the resulting
constraint problem in Section 6 and report on experimental results in Section 7.
Section 8 concludes the paper. Detailed proofs are available in the appendices.

2 The Labelled Sequent Calculus for BBI 

The semantics of BBI is in Section 2.1, then we present our labelled calculus
in Section 2.2. The soundness proof is outlined in Section 2.3, followed by the
completeness proof in Section 2.4, in which the Hilbert system of BBI is used.

2.1 Syntax and Semantics of BBI

BBI formulae are defined inductively as follows, where $p$ is an atomic proposition,
$\top^*$, $*$, $-\!*$ are the multiplicative unit, conjunction, and implication respectively:

$$A ::= p \mid \top \mid \bot \mid \neg A \mid A \lor A \mid A \land A \mid A \to A \mid \top^* \mid A * A \mid A -\!* A$$

The labelled sequent calculus for BBI employs a ternary relation of worlds 
that is based on a non-deterministic monoid structure, a la Galmiche et al. [5]. 

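A non-deterministic monoid is a triple $(\mathcal{M}, \circ, \epsilon)$ where $\mathcal{M}$ is a non-empty
set, $\epsilon \in \mathcal{M}$ and $\circ : \mathcal{M} \times \mathcal{M} \to \mathcal{P}(\mathcal{M})$. The extension of $\circ$ to $\mathcal{P}(\mathcal{M})$ uses
$X \circ Y = \bigcup \{x \circ y : x \in X, y \in Y\}$. The following conditions hold in this monoid:

— Identity: $\forall a \in \mathcal{M}.\ \epsilon \circ a = \{a\}$

— Commutativity: $\forall a, b \in \mathcal{M}.\ a \circ b = b \circ a$

— Associativity: $\forall a, b, c \in \mathcal{M}.\ a \circ (b \circ c) = (a \circ b) \circ c$.

The ternary relation over worlds is defined by $\triangleright \subseteq \mathcal{M} \times \mathcal{M} \times \mathcal{M}$ such that
$\triangleright(a, b, c)$ if and only if $c \in a \circ b$. Following Galmiche et al., we write $a, b \triangleright c$ instead
of $\triangleright(a, b, c)$. We therefore have the following conditions for all $a, b, c, d \in \mathcal{M}$:

— Identity: $\epsilon, a \triangleright b$ iff $a = b$

— Commutativity: $a, b \triangleright c$ iff $b, a \triangleright c$

— Associativity: If there exists $k$ s.t. $(a, k \triangleright d)$ and $(b, c \triangleright k)$ then there exists $l$
s.t. $(a, b \triangleright l)$ and $(l, c \triangleright d)$.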
Intuitively, the relation $x, y \triangleright z$ means that $z$ can be partitioned into two parts:
$x$ and $y$. The identity condition can be read as every world can be partitioned
into an empty world and itself. Commutativity captures that partitioning $z$ into
$x$ and $y$ is the same as partitioning $z$ into $y$ and $x$. Finally, associativity means
that if $z$ can be partitioned into $x$ and $y$, and $x$ can further be partitioned into
$u$ and $v$, then all together $z$ consists of $u$, $v$ and $y$. Therefore there must exist
an element $w$ which is the combination of $v$ and $y$, such that $w$ and $u$ form $z$.
Note that since we do not restrict this monoid to be cancellable, $(x, y \triangleright x)$ does
not imply $y = \epsilon$.



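Let $(\mathcal{M}, \triangleright, \epsilon)$ be a relational frame and $v : Var \to \mathcal{P}(\mathcal{M})$ be a valuation.
A forcing relation "$\Vdash$" between elements of $\mathcal{M}$ and BBI-formulae is defined as
follows [5]:

$m \Vdash \top^*$ iff $m = \epsilon$
$m \Vdash P$ iff $P \in Var$ and $m \in v(P)$
$m \Vdash \bot$ iff never
$m \Vdash \top$ iff always
$m \Vdash \neg A$ iff $m \nVdash A$
$m \Vdash A \lor B$ iff $m \Vdash A$ or $m \Vdash B$
$m \Vdash A \land B$ iff $m \Vdash A$ and $m \Vdash B$
$m \Vdash A \to B$ iff $m \nVdash A$ or $m \Vdash B$
$m \Vdash A * B$ iff $\exists a, b.\ (a, b \triangleright m$ and $a \Vdash A$ and $b \Vdash B)$
$m \Vdash A -\!* B$ iff $\forall a, b.\ ((m, a \triangleright b$ and $a \Vdash A)$ implies $b \Vdash B)$

A formula $A$ is true at $m \in \mathcal{M}$ if $m \Vdash A$ and is valid if $m \Vdash A$ for every $m \in \mathcal{M}$
in every model $(\mathcal{M}, \triangleright, \epsilon, v)$.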
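
The frame conditions and the forcing clauses above can be checked mechanically on a finite frame. The Python below is an added example, not code from the paper; the tuple encoding of formulae, the function names and the two-world frame are constructed here for illustration. It inspects one frame only, so `valid_in_frame` is weaker than the validity defined above, which quantifies over every model.

```python
from itertools import combinations, product

EPS = "e"  # the unit world (the label constant of the semantics)


def compose(op, xs, ys):
    """Extension of the operation to sets: X o Y = union of all x o y."""
    out = set()
    for x, y in product(xs, ys):
        out |= op[(x, y)]
    return out


def is_nd_monoid(worlds, op):
    """Check identity, commutativity and associativity of (M, o, e)."""
    identity = all(op[(EPS, a)] == {a} for a in worlds)
    commutative = all(op[(a, b)] == op[(b, a)]
                      for a, b in product(worlds, repeat=2))
    associative = all(
        compose(op, {a}, op[(b, c)]) == compose(op, op[(a, b)], {c})
        for a, b, c in product(worlds, repeat=3))
    return identity and commutative and associative


def forces(m, f, worlds, op, val):
    """The forcing relation: does world m force formula f under val?"""
    def go(w, g):
        tag = g[0]
        if tag == "atom":
            return w in val.get(g[1], set())
        if tag == "top":
            return True
        if tag == "bot":
            return False
        if tag == "unit":                 # multiplicative unit T*
            return w == EPS
        if tag == "not":
            return not go(w, g[1])
        if tag == "or":
            return go(w, g[1]) or go(w, g[2])
        if tag == "and":
            return go(w, g[1]) and go(w, g[2])
        if tag == "imp":
            return (not go(w, g[1])) or go(w, g[2])
        if tag == "star":                 # exists a, b with (a, b |> w)
            return any(w in op[(a, b)] and go(a, g[1]) and go(b, g[2])
                       for a, b in product(worlds, repeat=2))
        if tag == "wand":                 # for all a, b with (w, a |> b)
            return all(go(b, g[2])
                       for a in worlds if go(a, g[1])
                       for b in op[(w, a)])
        raise ValueError(f"unknown connective: {tag}")
    return go(m, f)


def valid_in_frame(f, atoms, worlds, op):
    """True iff f holds at every world under every valuation of atoms."""
    ws = sorted(worlds)
    subsets = [set(c) for r in range(len(ws) + 1)
               for c in combinations(ws, r)]
    for choice in product(subsets, repeat=len(atoms)):
        val = dict(zip(atoms, choice))
        if not all(forces(m, f, worlds, op, val) for m in ws):
            return False
    return True


# Constructed sample frame: a o a = {e, a}, so the operation is
# non-deterministic and (a, a |> a) holds although a is not the unit
# (the monoid is not cancellable).
WORLDS = {EPS, "a"}
OP = {(EPS, EPS): {EPS}, (EPS, "a"): {"a"}, ("a", EPS): {"a"},
      ("a", "a"): {EPS, "a"}}
BAD_OP = {**OP, (EPS, "a"): {EPS}}       # violates the identity condition

P = ("atom", "p")
UNIT = ("unit",)
AXIOM_1 = ("imp", P, ("star", UNIT, P))  # A -> (T* * A)
AXIOM_2 = ("imp", ("star", UNIT, P), P)  # (T* * A) -> A

if __name__ == "__main__":
    print("frame is an ND monoid:", is_nd_monoid(WORLDS, OP))
    print("broken frame accepted:", is_nd_monoid(WORLDS, BAD_OP))
    print("axiom 1 holds in frame:", valid_in_frame(AXIOM_1, ["p"], WORLDS, OP))
    print("T* holds at every world:", valid_in_frame(UNIT, [], WORLDS, OP))
```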

2.2 The Labelled Sequent Calculus 

The inference rules of our labelled system $LS_{BBI}$ are shown in Figure 1 where
we use $A$ to denote a formula, $w, x, y, z$ are in the set $LVar$ of label variables,
and $\epsilon$ is the label constant. We define a mapping $\rho : \{\epsilon\} \cup LVar \to \mathcal{M}$ from
labels to worlds. Note that we overload the notation so that the empty world
in the semantics and the label constant are both referred to as $\epsilon$, the ternary
relation in the semantics and the calculus are both referred to as $\triangleright$. Therefore we
impose the following condition on mappings from labels to worlds: $\forall \rho.\ \rho(\epsilon) = \epsilon$.
We shall assume this condition implicitly in what follows.

A labelled formula $w : A$ means formula $A$ is true in world $\rho(w)$. A relational
atom $(x, y \triangleright z)$ is interpreted as $\rho(x), \rho(y) \triangleright \rho(z)$ in the semantics. That is, a
labelled formula $w : A$ is true iff $\rho(w) \Vdash A$, and a relational atom $(x, y \triangleright z)$ is
true iff $\rho(x), \rho(y) \triangleright \rho(z)$ holds.

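A sequent is of the form $\Gamma \vdash \Delta$, where $\Gamma$ and $\Delta$ are structures, the empty
structure is $\emptyset_a$, and $\Gamma$ and $\Delta$ are multisets of labelled formulae and relational
atoms, defined formally via:

$$\Gamma ::= \emptyset_a \mid w : A \mid (x, y \triangleright z) \mid \Gamma; \Gamma$$
$$\Delta ::= w : A \mid \Delta; \Delta$$

Definition 1 (Sequent Validity). A sequent $\Gamma \vdash \Delta$ in $LS_{BBI}$ is valid if for
all $(\mathcal{M}, \triangleright, \epsilon)$, $v$ and $\rho$, if every member of $\Gamma$ is true then so is at least one member
of $\Delta$.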

Note that BBI-validity of a formula $A$ corresponds to validity of the sequent
$\vdash x : A$, where $x$ is an arbitrary label. This notion of validity is also adopted in
other work for BBI [9,14] and CBI [2], but is stronger than that used for BI [15],
where a valid sequent is defined as one with a multiplicative unit on the left
hand side. For example, the formula $\top^*$ is valid in BI, but it is not valid in our
definition because the sequent $\vdash x : \top^*$ is not provable (although the sequent
$\vdash \epsilon : \top^*$ is provable). Translated to our setting, this would correspond to defining
a valid formula as one which is true in the world $\epsilon$.



In our definition of sequents, the structural connective ";" in the antecedent
means (additive) "and" whereas in the succedent it means (additive) "or". This
is slightly different from the traditional sequent notation where "," is used as the
structural connective. Our notation is consistent with sequent systems for the
family of Bunched Implication (BI) logics, where ";" is the additive structural
connective, and "," is used to denote the multiplicative structural connective.
The multiplicative structural connective is not explicitly presented in our sequent
notation, but as we shall see later, it is encoded implicitly in the relational atoms.

The formula introduced in the conclusion of each rule is the principal formula, 
and the relational atom introduced in the conclusion of each rule is the principal 
relational atom. 

The semantics of $*$ involves an existential condition, so rules $*L$ and $*R$
incorporate existential and universal quantifiers respectively. Similarly, $-\!*L$ and
$-\!*R$ incorporate universal and existential quantifiers respectively. Therefore,
rules $*L$ and $-\!*R$ create a premise containing new relations, and the labels in
the created relation must be fresh (except for the label of the principal formula).
Rules $*R$ and $-\!*L$ create a premise using already existing relations from the
conclusion. Further, in rules $A$ and $A_C$, the label $w$ must be fresh in the premise,
as it represents a new partition of the original world.

In the rule $\top^*L$, there is an operation of global substitution $[\epsilon/x]$ in the
premise. A substitution $\Gamma[y/x]$ is defined in the usual way: replace every occurrence
of $x$ in $\Gamma$ by $y$.

The additive rules ($\bot L$, $\top R$, $\land L$, $\land R$, $\to L$, $\to R$) and the multiplicative
rules ($\top^*L$, $\top^*R$, $*L$, $*R$, $-\!*L$, $-\!*R$) respectively deal with the additive/multiplicative
connectives. The zero-premise rules are those with no premise ($id$,
$\bot L$, $\top R$, $\top^*R$). Figure 2 shows an example derivation in $LS_{BBI}$.

Note that we start (at the bottom) by labelling the formula with an arbitrary
world $a$. Since provability is preserved by substitutions of labels (Lemma 1),
provability of $\vdash a : F$ implies provability of $\vdash w : F$, for any world $w$. Thus, if a
formula is provable, then it is true in every world.

2.3 Soundness 

The soundness proof reasons about the falsifiability of sequents, which is defined 
as follows. 

Definition 2 (Sequent Falsifiability). A sequent $\Gamma \vdash \Delta$ in $LS_{BBI}$ is falsifiable
if there exist some $(\mathcal{M}, \triangleright, \epsilon)$, $v$ and $\rho$, such that every relational atom and
labelled formula in $\Gamma$ is true and every labelled formula in $\Delta$ is false, where:

$w : A$ is true iff $\rho(w) \Vdash A$
$w : A$ is false iff $\rho(w) \nVdash A$
$(x, y \triangleright z)$ is true iff $\rho(x), \rho(y) \triangleright \rho(z)$ holds

Theorem 1 (Soundness). The labelled sequent calculus $LS_{BBI}$ is sound w.r.t.
the Kripke semantics for BBI.



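Identity and Cut:

$$\frac{}{\Gamma; w : P \vdash w : P; \Delta}\;id \qquad \frac{\Gamma \vdash x : A; \Delta \quad \Gamma'; x : A \vdash \Delta'}{\Gamma; \Gamma' \vdash \Delta; \Delta'}\;cut$$

Logical Rules:

$$\frac{\Gamma[\epsilon/w] \vdash \Delta[\epsilon/w]}{\Gamma; w : \top^* \vdash \Delta}\;\top^*L$$

$$\frac{\Gamma; w : A; w : B \vdash \Delta}{\Gamma; w : A \land B \vdash \Delta}\;{\land}L \qquad \frac{\Gamma \vdash w : A; \Delta \quad \Gamma \vdash w : B; \Delta}{\Gamma \vdash w : A \land B; \Delta}\;{\land}R$$

$$\frac{\Gamma \vdash w : A; \Delta \quad \Gamma; w : B \vdash \Delta}{\Gamma; w : A \to B \vdash \Delta}\;{\to}L \qquad \frac{\Gamma; w : A \vdash w : B; \Delta}{\Gamma \vdash w : A \to B; \Delta}\;{\to}R$$

$$\frac{(x, y \triangleright z); \Gamma; x : A; y : B \vdash \Delta}{\Gamma; z : A * B \vdash \Delta}\;{*}L \qquad \frac{(x, y \triangleright z); \Gamma; x : A \vdash z : B; \Delta}{\Gamma \vdash y : A -\!* B; \Delta}\;{-\!*}R$$

$$\frac{(x, y \triangleright z); \Gamma \vdash x : A; z : A * B; \Delta \quad (x, y \triangleright z); \Gamma \vdash y : B; z : A * B; \Delta}{(x, y \triangleright z); \Gamma \vdash z : A * B; \Delta}\;{*}R$$

$$\frac{(x, y \triangleright z); \Gamma; y : A -\!* B \vdash x : A; \Delta \quad (x, y \triangleright z); \Gamma; y : A -\!* B; z : B \vdash \Delta}{(x, y \triangleright z); \Gamma; y : A -\!* B \vdash \Delta}\;{-\!*}L$$

Structural Rules:

$$\frac{(y, x \triangleright z); (x, y \triangleright z); \Gamma \vdash \Delta}{(x, y \triangleright z); \Gamma \vdash \Delta}\;E \qquad \frac{(u, w \triangleright z); (y, v \triangleright w); (x, y \triangleright z); (u, v \triangleright x); \Gamma \vdash \Delta}{(x, y \triangleright z); (u, v \triangleright x); \Gamma \vdash \Delta}\;A$$

$$\frac{(x, \epsilon \triangleright x); \Gamma \vdash \Delta}{\Gamma \vdash \Delta}\;U \qquad \frac{(x, w \triangleright x); (y, y \triangleright w); (x, y \triangleright x); \Gamma \vdash \Delta}{(x, y \triangleright x); \Gamma \vdash \Delta}\;A_C$$

$$\frac{(\epsilon, w' \triangleright w'); \Gamma[w'/w] \vdash \Delta[w'/w]}{(\epsilon, w \triangleright w'); \Gamma \vdash \Delta}\;Eq_1 \qquad \frac{(\epsilon, w' \triangleright w'); \Gamma[w'/w] \vdash \Delta[w'/w]}{(\epsilon, w' \triangleright w); \Gamma \vdash \Delta}\;Eq_2$$

Side conditions:

In $\top^*L$, $Eq_1$ and $Eq_2$, $w \neq \epsilon$.

In $*L$ and $-\!*R$, the labels $x$ and $y$ do not occur in the conclusion.
In $A$ and $A_C$, the label $w$ does not occur in the conclusion.

Fig. 1. The (cut-free) labelled sequent calculus $LS_{BBI}$ for Boolean BI.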



Proof. To prove the soundness of $LS_{BBI}$, we show that each rule preserves falsifiability
upwards, as this is a more natural direction in terms of backward proof
search. Therefore to prove that a rule is sound, we need to show that if the
conclusion is falsifiable, then at least one of the premises is falsifiable (usually



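$$\dfrac{\dfrac{\dfrac{\dfrac{(\epsilon, a \triangleright a); (a, \epsilon \triangleright a); a : A \vdash \epsilon : \top^* \qquad (\epsilon, a \triangleright a); (a, \epsilon \triangleright a); a : A \vdash a : A}{(\epsilon, a \triangleright a); (a, \epsilon \triangleright a); a : A \vdash a : \top^* * A}}{(a, \epsilon \triangleright a); a : A \vdash a : \top^* * A}\;E}{a : A \vdash a : \top^* * A}\;U}{\vdash a : A \to (\top^* * A)}$$

Fig. 2. An example derivation in $LS_{BBI}$.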

Axioms

1. $A \to (\top^* * A)$

2. $(\top^* * A) \to A$

3. $(A * B) \to (B * A)$

4. $(A * (B * C)) \to ((A * B) * C)$

Deduction Rules 

hA^B hA^C hB^D ^, 

$$\frac{\vdash A \to (B -\!* C)}{\vdash (A * B) \to C}\;{-\!*}1 \qquad \frac{\vdash (A * B) \to C}{\vdash A \to (B -\!* C)}\;{-\!*}2$$

Fig. 3. Some axioms and rules for the Hilbert system for BBI. 



in the same choice of $v$, $\rho$, and $\mathcal{M}$). As the rules in $LS_{BBI}$ are designed based
on the semantics, this is easy to verify. The details are in Appendix A.1. □

2.4 Completeness 

We prove the completeness of $LS_{BBI}$ by showing that every derivation of a
formula in the Hilbert system for BBI [5] can be mimicked in $LS_{BBI}$, possibly
using cuts.

The Hilbert system for BBI consists of the axioms and rules for classical
propositional logic for the additive fragment and additional axioms and rules for
the multiplicative fragment. For the latter, we use the axiomatisation given in
[S], and listed in Figure 3. We omit the axioms for classical propositional logic
as they are standard, and can be found in, e.g., [17].

Theorem 2 (Completeness). The labelled sequent calculus $LS_{BBI}$ is complete
w.r.t. the Kripke semantics for BBI.

Proof. Given a derivation $\Pi$ of a formula $A$ in the Hilbert system for BBI, we
show that one can construct an $LS_{BBI}$ derivation $\Pi'$ of the sequent $\emptyset_a \vdash w : A$,
for any label $w \neq \epsilon$. It is enough to show that each axiom and each rule of
the Hilbert system can be derived. The derivations of the axioms in $LS_{BBI}$ are
straightforward; we show here a non-trivial case in the derivation of the rules of
the Hilbert system. Consider the rule $-\!*1$: Suppose $\Pi$ is the derivation:

$$\frac{\vdash A \to (B -\!* C)}{\vdash (A * B) \to C}\;{-\!*}1$$

The $LS_{BBI}$ derivation $\Pi'$ is in Figure 4 where $\Pi_1'$ comes from $\Pi_1$ via the
induction hypothesis, $\Pi_2$ is the upper derivation in Figure 4 and $\Gamma = \{(w_1, w_2 \triangleright
w); w_1 : A; w_2 : B\}$. □



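Upper derivation, sequents listed from the leaves down to the root:

$\Gamma; w_1 : B -\!* C \vdash w_2 : B$ (id) and $\Gamma; w_1 : B -\!* C; w : C \vdash w : C$ (id)
$\Gamma; w_1 : B -\!* C \vdash w : C$
$\Gamma; w_1 : A \to (B -\!* C) \vdash w : C$

Lower derivation, sequents listed from the premises of the cut down to the root:

$\Pi_1'$: $\vdash w_1 : A \to (B -\!* C)$ and $\Pi_2$: $(w_1, w_2 \triangleright w); w_1 : A \to (B -\!* C); w_1 : A; w_2 : B \vdash w : C$
$(w_1, w_2 \triangleright w); w_1 : A; w_2 : B \vdash w : C$ (cut)
$w : A * B \vdash w : C$
$\vdash w : (A * B) \to C$ ($\to R$)

Fig. 4. A derivation of the rule $-\!*1$ putting $\Gamma = \{(w_1, w_2 \triangleright w); w_1 : A; w_2 : B\}$.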



Corollary 1 (Formula validity). A BBI formula $A$ is valid iff $\vdash w : A$ is
derivable in $LS_{BBI}$, for any arbitrary $w$.

Proof. Follows from the soundness and completeness proof. Since $w$ is arbitrary,
$A$ is true at any world for any valuation $v$, mapping $\rho$, and monoid structure



3 Cut-elimination 



This section proves the cut-elimination theorem for our labelled sequent calculus.
The general proof outlined here is similar to the cut-elimination proof for labelled
systems for modal logic, i.e., we start by proving a substitution lemma
for labels, followed by proving the invertibility of inference rules, weakening
admissibility, and contraction admissibility, before proceeding to the main cut-elimination
proof. As there are many case analyses in these proofs, we only
outline the important parts here. More details are available in Appendix A.

Given a derivation $\Pi$, its height $ht(\Pi)$ is defined as the length of a longest
branch in the derivation tree of $\Pi$.

The substitution lemma shows that provability is preserved under arbitrary 
substitutions of labels. 

Lemma 1 (Substitution). If $\Pi$ is an $LS_{BBI}$ derivation for the sequent $\Gamma \vdash \Delta$
then there is an $LS_{BBI}$ derivation $\Pi'$ of the sequent $\Gamma[y/x] \vdash \Delta[y/x]$ where every
occurrence of label $x$ ($x \neq \epsilon$) is replaced by label $y$, such that $ht(\Pi') \leq ht(\Pi)$.

Proof. By induction on $ht(\Pi)$. We do case analyses on the last rule of $\Pi$. Most
of the cases are similar to Negri's labelled calculus for modal logic [11]; the only
non-trivial cases are when the last rule is either $\top^*L$, $Eq_1$ or $Eq_2$, and the labels
$x$ or $y$ are used in the principal formula/relational atom. The full proof is in
Appendix A.2. □

Admissibility of weakening is proved by a simple induction on the height of 
derivations so we state the lemma sans proof. 

Lemma 2 (Weakening admissibility). If $\Gamma \vdash \Delta$ is derivable in $LS_{BBI}$, then
for all structures $\Gamma'$ and $\Delta'$, the sequent $\Gamma; \Gamma' \vdash \Delta; \Delta'$ is derivable with the same
height in $LS_{BBI}$.

Combining Lemma 1 and Lemma 2 we can replace a formula that is never
used in a derivation by any structure. More supplementary lemmas related to
weakening are listed in Appendix A.3.

Lemma 3 (Invertibility of rules). If $\Pi$ is a cut-free $LS_{BBI}$ derivation of the
conclusion of a rule, then there is a cut-free $LS_{BBI}$ derivation for each premise,
with height at most $ht(\Pi)$.

Proof. Most of the rules are trivially invertible. The proofs for the additive rules
are similar to those for the additive rules from labelled calculi for modal logic
or G3c (cf. [T^) since the rules are the same. The slightly non-trivial cases for
the rules involving substitutions of labels follow from Lemma 1. The proof is
detailed in Appendix A.4. □

The proof of the admissibility of contraction on additive formulae is similar
to that for classical sequent calculus since the $LS_{BBI}$ rules for these connectives
are the same. In the multiplicative rules, the principal formula is retained in
the premise, so admissibility of contraction on multiplicative formulae follows
trivially. We need to prove that contraction on relational atoms is admissible, as
stated in the next lemma.

Lemma 4. For all structures $\Gamma$, $\Delta$, and ternary relations $(x, y \triangleright z)$: if $\Pi$ is a cut-free
$LS_{BBI}$ derivation of $(x, y \triangleright z); (x, y \triangleright z); \Gamma \vdash \Delta$, then there is a cut-free $LS_{BBI}$
derivation $\Pi'$ of $(x, y \triangleright z); \Gamma \vdash \Delta$ with $ht(\Pi') \leq ht(\Pi)$.

Proof. (Outline) Let $n = ht(\Pi)$. The proof is by induction on $n$. Most structural
rules have only one principal relational atom, so it is easy to show that
contraction can permute through them.

The case for $A$ needs more care, as it involves two principal relations. If the
two principal relations are different, then the admissibility of contraction follows
similarly as above. But if the principal relations are a pair of identical relations,
the situation is a bit tricky. The original derivation runs as follows.

$$\dfrac{\begin{array}{c}\Pi \\ (x, w \triangleright x); (y, y \triangleright w); (x, y \triangleright x); (x, y \triangleright x); \Gamma \vdash \Delta\end{array}}{(x, y \triangleright x); (x, y \triangleright x); \Gamma \vdash \Delta}\;A$$

There is no obvious way to make this case admissible, and this is the reason
we have a special case of the rule $A$, namely $A_C$. In the rule $A_C$, contraction is
absorbed so that there is only one principal relation. The new derivation is as
follows.

$$\dfrac{\begin{array}{c}\Pi' \\ (x, w \triangleright x); (y, y \triangleright w); (x, y \triangleright x); \Gamma \vdash \Delta\end{array}}{(x, y \triangleright x); \Gamma \vdash \Delta}\;A_C$$

For $Eq_1$ and $Eq_2$, the principal relation is carried to the premise (although
some labels may be changed), so admissibility of contraction on those relations
is obvious. □

The admissibility of contraction on formulae is straightforward; most of the
cases are analogous to the ones in Negri's labelled calculus for modal logic [11].
For details please see Appendix A.5.

Lemma 5 (Contraction admissibility). If $\Gamma; \Gamma \vdash \Delta; \Delta$ is derivable in $LS_{BBI}$,
then $\Gamma \vdash \Delta$ is derivable with the same height in $LS_{BBI}$.



Cut Elimination Theorem 

We define the complexity of an application of the cut rule as $(|f|, ht(\Pi_1) +
ht(\Pi_2))$, where $|f|$ denotes the size of the cut formula (i.e., the number of connectives
in the formula), and $ht(\Pi_1)$, $ht(\Pi_2)$ are the heights of the derivations
above the cut rule; their sum is called the cut height. If there are multiple
branches in $\Pi_1$, then $ht(\Pi_1)$ shall be the height of the longest branch, similarly
for $ht(\Pi_2)$. The strict ordering for both parts of the pair is $>$ on natural
numbers.

Theorem 3 (Cut-elimination). If $\Gamma \vdash \Delta$ is derivable in $LS_{BBI}$, then it is
also derivable without using the cut rule.

Proof. By induction on the complexity of the proof in $LS_{BBI}$. We show that
each application of cut can either be eliminated, or be replaced by one or more
cut rules of less complexity. The argument for termination is similar to the cut-elimination
proof for G3ip [H]. We start to eliminate the topmost cut first, and
repeat this procedure until there is no cut in the derivation. We first show that
cut can be eliminated when the cut height is the lowest, i.e., at least one premise
is of height 1. Then we show that the cut height is reduced in all cases in which
the cut formula is not principal in both premises of cut. If the cut formula is
principal in both premises, then the cut is reduced to one or more cuts on smaller
formulae or shorter derivations. Since atoms cannot be principal in logical rules,
finally we can either reduce all cuts to the case where the cut formula is not
principal in both premises, or reduce those cuts on compound formulae until
their cut heights are minimal and then eliminate those cuts. The case analyses
are shown in Appendix A.6. Here we only present one interesting case where the



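Original derivation, sequents listed from the premises down to the root:

$\Pi_1$: $(x, y \triangleright z); \Gamma \vdash x : A; z : A * B; \Delta$ and $\Pi_2$: $(x, y \triangleright z); \Gamma \vdash y : B; z : A * B; \Delta$, giving $(x, y \triangleright z); \Gamma \vdash z : A * B; \Delta$
$\Pi_3$: $(x', y' \triangleright z); \Gamma'; x' : A; y' : B \vdash \Delta'$, giving $\Gamma'; z : A * B \vdash \Delta'$
$(x, y \triangleright z); \Gamma; \Gamma' \vdash \Delta; \Delta'$ (cut)

Transformed derivation, of which only the following sequent is recoverable:

$(x, y \triangleright z); \Gamma; \Gamma' \vdash y : B; \Delta; \Delta'$

Fig. 5. The cut reduction for $*$ where the cut formula is principal in both premises.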

cut formula is principal in both premises, and the rules applied on each premise
are $*R$ and $*L$ respectively.

The cut transformation in this case is given in Figure 5. There, the derivation
$\Pi_1'$ (likewise, $\Pi_2'$) is obtained by applying a cut to $\Pi_1$ (resp., $\Pi_2$) and the right
premise of the original cut. We must also apply Lemma 5 to remove excess
contexts. □

4 Localising structural rules 

As a first step towards designing an effective proof search procedure for $LS_{BBI}$,
we need to restrict the use of structural rules.

We remark that the structural rules in $LS_{BBI}$ can permute through
all other rules except for $id$, $\top^*R$, $*R$, and $-\!*L$. We refer to these four rules as
positive rules, and the remaining logical rules in $LS_{BBI}$ as negative rules. The main
reason is that no negative rule relies on the relational atoms. This is formalised
in the following lemma, and proved in Appendix A.7.

Lemma 6. The structural rules in $LS_{BBI}$ can permute upwards through any
negative rules in $LS_{BBI}$.

Then we design a more compact proof system where applications of structural
rules are separated into a special entailment relation for relational atoms.
We shall see in the next section that proof search in this proof system can be
separated into two phases: guessing the shape of the proof tree, and deriving
the relational atoms needed. The latter will be phrased in terms of a constraint
system.

In this section we localise the structural rules in two steps: we first deal with
$Eq_1$ and $Eq_2$, and then the other structural rules.

4.1 Localising $Eq_1$ and $Eq_2$

Allowing substitutions in a proof rule simplifies the cut-elimination proof for
$LS_{BBI}$. However, for proof search, this creates a problem as $Eq_1$ and $Eq_2$ do not
permute over certain rules that require matching of two labels (e.g., $*R$ or $-\!*L$).
Our first intermediate proof system $LS^{e}_{BBI}$ aims to remove substitutions from
$LS_{BBI}$. Instead, the equality between labels is captured via a special entailment
relation. To define its inference rules, we first need a few preliminary definitions.

Let $r$ be an instance of a structural rule. We can view $r$ as a function that
takes a set of relational atoms (in the conclusion of the rule) and outputs another
set (in the premise). We shall write $r(\mathcal{G}, \theta)$, where $\mathcal{G}$ is the set of principal
relational atoms and $\theta$ is a substitution, to denote the set of relational atoms
introduced in the premise of an instance of $r$ with conclusion containing $\mathcal{G}$, and
where the substitution used in the rule is $\theta$, which is the identity substitution
in all cases except when $r$ is $Eq_1$ or $Eq_2$. Let $\sigma$ be a sequence of instances of
structural rules $[r_1(\mathcal{G}_1, \theta_1); \cdots; r_n(\mathcal{G}_n, \theta_n)]$. Given a set of relational atoms $\mathcal{G}$, the
result of the application of $\sigma$ to $\mathcal{G}$, denoted by $S(\mathcal{G}, \sigma)$, is defined inductively as
follows:

$$S(\mathcal{G}, \sigma) = \begin{cases} \mathcal{G} & \text{if } \sigma = [\,] \\ S(\mathcal{G}\theta \cup r(\mathcal{G}', \theta), \sigma') & \text{if } \mathcal{G}' \subseteq \mathcal{G} \text{ and } \sigma = [r(\mathcal{G}', \theta); \sigma'] \\ \text{undefined} & \text{otherwise} \end{cases}$$

Given a $\sigma = [r_1(\mathcal{G}_1, \theta_1); \cdots; r_n(\mathcal{G}_n, \theta_n)]$, we denote with $subst(\sigma)$ the composite
substitution $\theta_1 \circ \cdots \circ \theta_n$, where $t(\theta_1 \circ \theta_2)$ means $(t\theta_1)\theta_2$.

Definition 3. Let $\mathcal{G}$ be a set of relational atoms. The entailment relation $\mathcal{G} \vdash_E
u = v$ holds iff there exists a sequence $\sigma$ of $Eq_1$ or $Eq_2$ structural rules such that
$S(\mathcal{G}, \sigma)$ is defined, and $u\theta = v\theta$, where $\theta = subst(\sigma)$.

We now define the proof system $LS^{e}_{BBI}$ as $LS_{BBI} \setminus \{Eq_1, Eq_2\}$ (i.e., $LS_{BBI}$
without rules $Eq_1$, $Eq_2$) where certain rules are modified according to Figure 6.

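$$\frac{\mathcal{G} \vdash_E (w_1 = w_2)}{\Gamma; w_1 : P \vdash w_2 : P; \Delta}\;id \qquad \frac{(\epsilon, w \triangleright \epsilon); \Gamma \vdash \Delta}{\Gamma; w : \top^* \vdash \Delta}\;\top^*L \qquad \frac{\mathcal{G} \vdash_E (w = \epsilon)}{\Gamma \vdash w : \top^*; \Delta}\;\top^*R$$

$$\frac{(x, y \triangleright z'); \Gamma \vdash x : A; z : A * B; \Delta \quad (x, y \triangleright z'); \Gamma \vdash y : B; z : A * B; \Delta \quad \mathcal{G} \vdash_E (z = z')}{(x, y \triangleright z'); \Gamma \vdash z : A * B; \Delta}\;{*}R$$

$$\frac{(x, y' \triangleright z); \Gamma; y : A -\!* B \vdash x : A; \Delta \quad (x, y' \triangleright z); \Gamma; y : A -\!* B; z : B \vdash \Delta \quad \mathcal{G} \vdash_E (y = y')}{(x, y' \triangleright z); \Gamma; y : A -\!* B \vdash \Delta}\;{-\!*}L$$

$$\frac{(u, w \triangleright z); (y, v \triangleright w); (x, y \triangleright z); (u, v \triangleright x'); \Gamma \vdash \Delta \quad \mathcal{G} \vdash_E (x = x')}{(x, y \triangleright z); (u, v \triangleright x'); \Gamma \vdash \Delta}\;A$$

$$\frac{(x, w \triangleright x'); (y, y \triangleright w); (x, y \triangleright x'); \Gamma \vdash \Delta \quad \mathcal{G} \vdash_E (x = x')}{(x, y \triangleright x'); \Gamma \vdash \Delta}\;A_C$$

$\mathcal{G}$ is the set of relational atoms on the left hand side of the conclusion sequent.

Fig. 6. The changed rules in $LS^{e}_{BBI}$.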



Note that the new $\top^*L$ rule does not modify any labels, instead, the relational
atom $(\epsilon, w \triangleright \epsilon)$ in the premise ensures that the derivability of $(w = \epsilon)$ is preserved.
Also, the equality entailment does not fully capture the reflexivity, transitivity,
and symmetry of equality. Rather, the structural rule $U$ is used when symmetry
is required to derive an equality. The point of this intermediate step is to avoid
label substitutions in the proof system.

Theorem 4. A sequent $\Gamma \vdash \Delta$ is derivable in $LS_{BBI}$ if and only if it is derivable
in $LS^{e}_{BBI}$.

Proof. (Outline) One direction, from $LS^{e}_{BBI}$ to $LS_{BBI}$, is straightforward, as $\vdash_E$
is essentially just a sequence of applications of $Eq_1$ and $Eq_2$. The other direction
can be proved by showing that $Eq_1$ and $Eq_2$ are admissible in $LS^{e}_{BBI}$. A more
detailed proof is given in Appendix A.8 and A.9 for soundness and completeness
respectively. □



4.2 Localising the rest of the structural rules 

As a second step, we isolate the rest of the structural rules into a separate entailment
relation, as we did with $Eq_1$ and $Eq_2$.

Definition 4 (Relation Entailment $\vdash_R$). The entailment relation $\vdash_R$ has the
following two forms:

1. $\mathcal{G} \vdash_R (w_1 = w_2)$ is true iff there is a sequence $\sigma$ of $E$, $U$, $A$, $A_C$ applications
so that $S(\mathcal{G}, \sigma) \vdash_E (w_1 = w_2)$.
2. $\mathcal{G} \vdash_R (w_1, w_2 \triangleright w_3)$ is true iff there is a sequence $\sigma$ of $E$, $U$, $A$, $A_C$ applications
so that $(w_1', w_2' \triangleright w_3') \in S(\mathcal{G}, \sigma)$ and the following hold: $S(\mathcal{G}, \sigma) \vdash_E (w_1 = w_1')$,
$S(\mathcal{G}, \sigma) \vdash_E (w_2 = w_2')$, and $S(\mathcal{G}, \sigma) \vdash_E (w_3 = w_3')$.



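$$\frac{\mathcal{G} \vdash_R (w_1 = w_2)}{\mathcal{G} \| \Gamma; w_1 : P \vdash w_2 : P; \Delta}\;id \qquad \frac{\mathcal{G} \vdash_R (w = \epsilon)}{\mathcal{G} \| \Gamma \vdash w : \top^*; \Delta}\;\top^*R$$

$$\frac{S(\mathcal{G}, \sigma) \| \Gamma \vdash x : A; w : A * B; \Delta \quad S(\mathcal{G}, \sigma) \| \Gamma \vdash y : B; w : A * B; \Delta \quad \mathcal{G} \vdash_R (x, y \triangleright w)}{\mathcal{G} \| \Gamma \vdash w : A * B; \Delta}\;{*}R$$

$$\frac{S(\mathcal{G}, \sigma) \| \Gamma; w : A -\!* B \vdash x : A; \Delta \quad S(\mathcal{G}, \sigma) \| \Gamma; w : A -\!* B; z : B \vdash \Delta \quad \mathcal{G} \vdash_R (x, w \triangleright z)}{\mathcal{G} \| \Gamma; w : A -\!* B \vdash \Delta}\;{-\!*}L$$

In $*R$, $\sigma$ is the derivation of $\mathcal{G} \vdash_R (x, y \triangleright w)$. In $-\!*L$, $\sigma$ is the derivation of $\mathcal{G} \vdash_R (x, w \triangleright z)$.

Fig. 7. Changed rules in $LS^{sf}_{BBI}$.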


The changed rules in the second intermediate system $LS^{sf}_{BBI}$ are given in Figure 7
where we use a slightly different notation for sequents. We write $\mathcal{G} \| \Gamma \vdash \Delta$
to emphasize that the left hand side of a sequent is partitioned into two parts:
$\mathcal{G}$, which contains only relational atoms, and $\Gamma$, which contains only labelled
formulae.

The following is an immediate result; the proof is divided in two parts for
soundness and completeness, detailed in Appendix A.11 and A.12 respectively.

Theorem 5. A sequent $\Gamma \vdash \Delta$ is derivable in $LS^{e}_{BBI}$ if and only if it is derivable
in $LS^{sf}_{BBI}$.

5 Mapping proof search to constraint solving 

We now consider a proof search strategy for $LS^{sf}_{BBI}$. As we have isolated all the
structural rules into the entailment relation $\vdash_R$, proof search in $LS^{sf}_{BBI}$ consists of
guessing the shape of the derivation tree, and then checking that each entailment
$\vdash_R$ can be proved. The latter involves guessing a splitting of labels in the ${*}R$ and
${-\!*}L$ rules which also satisfies the equality constraints in the $id$ and $\top^* R$ rules.
We formalise this via a symbolic proof system, where splitting and equality
are handled lazily, via the introduction of free variables which are essentially
existential variables (or logic variables) that must be instantiated to concrete
labels satisfying all the entailment constraints in the proof tree, for a symbolic
derivation to be sound.

Free variables are denoted by x, y and z. We use u, v, w to denote either
labels or free variables, and a, b, c are ordinary labels. A symbolic sequent is
just a sequent but possibly with occurrences of free variables in place of labels.
We shall sometimes refer to the normal (non-symbolic) sequent as a ground
sequent to emphasize the fact that it contains no free variables. The symbolic
proof system $FVLS_{BBI}$ is given in Figure 8. The rules are mostly similar to
$LS^{sf}_{BBI}$, but lacking the entailment relations $\vdash_R$. Instead, new free variables are
introduced when applying ${*}R$ and ${-\!*}L$ backward. Notice also that in $FVLS_{BBI}$,
the ${*}R$ and ${-\!*}L$ rules do not compute the set $S(\mathcal{G}, \sigma)$. So the relational atoms in
$FVLS_{BBI}$ are those that are created by ${*}L$, ${-\!*}R$, $\top^* L$. In the following, given a
derivation in $FVLS_{BBI}$, we shall assume that the free variables that are created
in different branches of the derivation are pairwise distinct. We shall sometimes
refer to a derivation in $FVLS_{BBI}$ simply as a symbolic derivation.

An equality constraint is an expression of the form $\mathcal{G} \vdash^?_R (u = v)$, and a
relational constraint is an expression of the form $\mathcal{G} \vdash^?_R (u, v \triangleright w)$. In both cases,
we refer to $\mathcal{G}$ as the left hand side of the constraints, and $(u = v)$ and $(u, v \triangleright w)$
as the right hand side. Constraints are ranged over by $c, c', c_1, c_2$, etc. Given a
constraint $c$, we write $\mathcal{G}(c)$ for the left hand side of $c$. A constraint system is
just a set of constraints. We write $\mathcal{G} \vdash^?_R C$ for either an equality or relational
constraint. We write $fv(c)$ to denote the set of free variables in $c$, and $fv(\mathcal{C})$ to
denote the set of free variables in a set of constraints $\mathcal{C}$.

Definition 5 (Constraint systems). A constraint system is a pair $(\mathcal{C}, \preceq)$ of
a set of constraints and a well-founded partial order on elements of $\mathcal{C}$ satisfying


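Initial Sequent:

$$\dfrac{}{\mathcal{G} \| \Gamma; w_1 : P \vdash w_2 : P; \Delta}\;id$$

Logical Rules:

$$\dfrac{}{\mathcal{G} \| \Gamma; w : \bot \vdash \Delta}\;\bot L \qquad \dfrac{}{\mathcal{G} \| \Gamma \vdash w : \top; \Delta}\;\top R$$

$$\dfrac{\mathcal{G}; (\epsilon, w \triangleright \epsilon) \| \Gamma \vdash \Delta}{\mathcal{G} \| \Gamma; w : \top^* \vdash \Delta}\;\top^* L \qquad \dfrac{}{\mathcal{G} \| \Gamma \vdash w : \top^*; \Delta}\;\top^* R$$

$$\dfrac{\mathcal{G} \| \Gamma; w : A; w : B \vdash \Delta}{\mathcal{G} \| \Gamma; w : A \wedge B \vdash \Delta}\;\wedge L \qquad \dfrac{\mathcal{G} \| \Gamma \vdash w : A; \Delta \qquad \mathcal{G} \| \Gamma \vdash w : B; \Delta}{\mathcal{G} \| \Gamma \vdash w : A \wedge B; \Delta}\;\wedge R$$

$$\dfrac{\mathcal{G} \| \Gamma \vdash w : A; \Delta \qquad \mathcal{G} \| \Gamma; w : B \vdash \Delta}{\mathcal{G} \| \Gamma; w : A \to B \vdash \Delta}\;{\to}L \qquad \dfrac{\mathcal{G} \| \Gamma; w : A \vdash w : B; \Delta}{\mathcal{G} \| \Gamma \vdash w : A \to B; \Delta}\;{\to}R$$

$$\dfrac{\mathcal{G}; (a, b \triangleright w) \| \Gamma; a : A; b : B \vdash \Delta}{\mathcal{G} \| \Gamma; w : A * B \vdash \Delta}\;{*}L^{\dagger} \qquad \dfrac{\mathcal{G}; (a, w \triangleright c) \| \Gamma; a : A \vdash c : B; \Delta}{\mathcal{G} \| \Gamma \vdash w : A \mathbin{-\!*} B; \Delta}\;{-\!*}R^{\ddagger}$$

$$\dfrac{\mathcal{G} \| \Gamma \vdash x : A; w : A * B; \Delta \qquad \mathcal{G} \| \Gamma \vdash y : B; w : A * B; \Delta}{\mathcal{G} \| \Gamma \vdash w : A * B; \Delta}\;{*}R^{\dagger\dagger}$$

$$\dfrac{\mathcal{G} \| \Gamma; w : A \mathbin{-\!*} B \vdash x : A; \Delta \qquad \mathcal{G} \| \Gamma; w : A \mathbin{-\!*} B; z : B \vdash \Delta}{\mathcal{G} \| \Gamma; w : A \mathbin{-\!*} B \vdash \Delta}\;{-\!*}L^{\ddagger\ddagger}$$

$\dagger$: a and b must be fresh in ${*}L$. $\ddagger$: a and c must be fresh in ${-\!*}R$.

$\dagger\dagger$: x and y are new free variables in ${*}R$. $\ddagger\ddagger$: x and z are new free variables in ${-\!*}L$.

Fig. 8. Labelled Sequent Calculus $FVLS_{BBI}$ for Boolean BI.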



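Monotonicity: $c_1 \preceq c_2$ implies $\mathcal{G}(c_1) \subseteq \mathcal{G}(c_2)$. It is well-formed if it also satisfies
Unique variable origin: $\forall x$ in $\mathcal{C}$, there exists a unique minimum (w.r.t. $\preceq$)
constraint $c(x) = \mathcal{G}_x \vdash^?_R (u, v \triangleright w)$ s.t. $x$ occurs in $(u, v \triangleright w)$, but not in $\mathcal{G}_x$, and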

X does not occur in any c' where c' ^ c(x). Such a c(x) is the origin ofx. 



From now on, we shall denote with $c(x)$ the constraint where $x$ originates
from, as defined in the above definition. We use the letter $\mathbb{C}$ to range over
constraint systems.

We write $c_i \prec c_j$ when $c_i \preceq c_j$ and $c_i \neq c_j$. Further, we define a direct
successor relation $\lessdot$ as follows: $c_i \lessdot c_j$ iff $c_i \prec c_j$ and there does not exist any $c_k$
such that $c_i \prec c_k \prec c_j$.

During proof search, associated constraints are generated as follows. 



Definition 6. To a given symbolic derivation $\Pi$, we associate a set of constraints
$\mathcal{C}(\Pi)$ as follows, where the lowest rule instance of $\Pi$ is:

- $id$: $\mathcal{C}(\Pi) = \{\mathcal{G} \vdash^?_R (w_1 = w_2)\}$
- $\top^* R$: $\mathcal{C}(\Pi) = \{\mathcal{G} \vdash^?_R (w = \epsilon)\}$
- ${*}R$: $\mathcal{C}(\Pi) = \mathcal{C}(\Pi_1) \cup \mathcal{C}(\Pi_2) \cup \{\mathcal{G} \vdash^?_R (x, y \triangleright w)\}$, where the left premise derivation is $\Pi_1$ and the right-premise derivation is $\Pi_2$
- ${-\!*}L$: $\mathcal{C}(\Pi) = \mathcal{C}(\Pi_1) \cup \mathcal{C}(\Pi_2) \cup \{\mathcal{G} \vdash^?_R (x, w \triangleright y)\}$, where the left premise derivation is $\Pi_1$ and the right-premise derivation is $\Pi_2$

If $\Pi$ ends with any other rule, with premise derivations $\{\Pi_1, \dots, \Pi_n\}$, then $\mathcal{C}(\Pi) = \mathcal{C}(\Pi_1) \cup \dots \cup \mathcal{C}(\Pi_n)$.

Each constraint $c \in \mathcal{C}(\Pi)$ corresponds to a rule instance $r(c)$ in $\Pi$ where $c$ is
generated. The ordering of the rules in the derivation tree of $\Pi$ then naturally
induces a partial order on $\mathcal{C}(\Pi)$. That is, let $\preceq^{\Pi}$ be an ordering on $\mathcal{C}(\Pi)$ defined
as follows: $c_1 \preceq^{\Pi} c_2$ iff the conclusion of $r(c_1)$ appears in the path from the root
sequent to the conclusion of $r(c_2)$. Then obviously $\preceq^{\Pi}$ is a partial order.

The following property of $\mathcal{C}(\Pi)$ is easy to verify.

Lemma 7. Let $\Pi$ be a symbolic derivation. Then $(\mathcal{C}(\Pi), \preceq^{\Pi})$ is a constraint
system. Moreover, if the root sequent is ground, then $(\mathcal{C}(\Pi), \preceq^{\Pi})$ is well-formed.

Given a symbolic derivation $\Pi$, we define $\mathbb{C}(\Pi)$ as the constraint system
$(\mathcal{C}(\Pi), \preceq^{\Pi})$ as defined above.

A consequence of Lemma 7 is that if $\mathcal{C}(\Pi) \neq \{\}$, then there exists a minimum
constraint $c$, w.r.t. the partial order $\preceq^{\Pi}$, such that $\mathcal{G}(c)$ is ground.

We now define what it means for a constraint system to be solvable. This is
a bit complicated, because we need to capture that (ternary) relational atoms
created by the solution need to be accumulated across different constraints, in
order to guarantee soundness of $FVLS_{BBI}$. A free-variable substitution $\theta$ is a
mapping from free variables to free variables or labels with finite domain. We
denote with $dom(\theta)$ the domain of $\theta$. Given $\theta$ and a set $V$ of free variables, $\theta \uparrow V$
is the substitution obtained from $\theta$ by restricting the domain to $V$, i.e.,

Given $\theta$ and $\theta'$ such that $dom(\theta') \subseteq dom(\theta)$, we define $\theta \setminus \theta'$ as the substitution:

Definition 7 (Simple constraints and their solutions). A constraint $c$ is
simple if its left hand side $\mathcal{G}(c)$ contains no free variables. A solution $(\theta, \sigma)$ to a
simple constraint $c$ is a substitution $\theta$ and a sequence $\sigma$ of structural rules such
that:

- If $c$ is $\mathcal{G} \vdash^?_R (u = v)$ then $\sigma$ is a derivation of $\mathcal{G} \vdash_R (u\theta = v\theta)$.
- If $c$ is $\mathcal{G} \vdash^?_R (u, v \triangleright w)$ then $\sigma$ is a derivation of $\mathcal{G} \vdash_R (u\theta, v\theta \triangleright w\theta)$.

The minimum constraints of a well-formed constraint system are simple.



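Definition 8 (Restricting a constraint system). Let $\mathbb{C} = (\mathcal{C}, \preceq)$ be a well-formed
constraint system, and $c$ be a minimum (simple) constraint in $\mathbb{C}$. Let
$(\theta, \sigma)$ be a solution to $c$ and $\mathcal{G}' = S(\mathcal{G}(c), \sigma)$. Define a function $f$ on constraints:

$$f(c') = (\mathcal{G}' \cup \mathcal{G}\theta \vdash^?_R C\theta) \quad \text{if } c' = (\mathcal{G} \vdash^?_R C) \in \mathcal{C} \setminus \{c\} \text{ and } c \preceq c',$$

The restriction of $\mathbb{C}$ by $(c, \theta, \sigma)$, written $\mathbb{C} \uparrow (c, \theta, \sigma)$, is the pair $(\mathcal{C}', \preceq')$, where
(1) $\mathcal{C}' = \{f(c') \mid c' \in \mathcal{C} \setminus \{c\}\}$ and (2) $f(c_1) \preceq' f(c_2)$ iff $c_1 \preceq c_2$.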

Lemma 8. The pair $\mathbb{C} \uparrow (c, \theta, \sigma)$ as defined in Definition 8 is a well-formed
constraint system.

Definition 9 (Solution to a well-formed constraint system). Let $\mathbb{C} = (\{c_1, \dots, c_n\}, \preceq)$
be a well-formed constraint system. A solution $(\theta, \{\sigma_1, \dots, \sigma_n\})$
to $\mathbb{C}$ is a substitution and a set of sequences of structural rules, such that:

If $n = 0$ then $(\theta, \{\sigma_1, \dots, \sigma_n\})$ is trivially a solution.

If n > 1 then there must exist some minimum (simple) constraint in $\mathbb{C}$. For any
minimum constraint $c_i$, let $\theta_i = \theta \uparrow fv(c_i)$, then $(\theta_i, \sigma_i)$ is a solution to $c_i$,
and $(\theta \setminus \theta_i, \{\sigma_1, \dots, \sigma_n\} \setminus \sigma_i)$ is a solution to $\mathbb{C} \uparrow (c_i, \theta_i, \sigma_i)$.

In Definition 9, suppose a constraint system $\mathbb{C} = (\{c_1, \dots, c_n\}, \preceq)$ has a
solution $(\theta, \{\sigma_1, \dots, \sigma_n\})$, then for each constraint $c_i$ in $\mathbb{C}$, let $c_i'$ be the simple
constraint obtained from $c_i$ in the process of restricting $\mathbb{C}$, there is a solution
$(\theta_i, \sigma_i)$ for $c_i'$, where $\theta_i$ is a restriction on $\theta$ that contains the free variables in
$c_i'$, and $\sigma_i \in \{\sigma_1, \dots, \sigma_n\}$. In this case, we will simply write $\sigma_i = dev(c_i)$ for
the mapping between a (possibly ungrounded) constraint in the system and the
corresponding derivation in the solution.

Theorem 6 (Soundness). Let $\Pi$ be a symbolic derivation of a ground sequent
$\mathcal{G} \| \Gamma \vdash \Delta$. If $\mathbb{C}(\Pi)$ is solvable, then $\mathcal{G} \| \Gamma \vdash \Delta$ is derivable in $LS^{sf}_{BBI}$.

The proof is done by induction on the height of symbolic derivations. The basic
idea of the proof is that one progressively "grounds" a symbolic derivation,
starting from the root of the derivation. At each inductive step we show that
grounding the premises corresponds to restricting the constraint system induced
by the symbolic derivation. The detailed proof can be found in Appendix A.13.

To prove the completeness of $FVLS_{BBI}$, we show that for every cut-free
derivation $\Pi$ of a (ground) sequent in $LS^{sf}_{BBI}$, there is a symbolic derivation
$\Pi'$ of the same sequent such that $\mathbb{C}(\Pi')$ is solvable. It is quite obvious that $\Pi'$
should have exactly the same rule applications as $\Pi$; the only difference is that
some relational atoms are omitted in the derivation, but instead are accumulated
in the constraint system. Additionally, some (new) labels are replaced with free
variables. This is formalised in the following definition.

Definition 10. Given a sequent in a $LS^{sf}_{BBI}$ derivation, let $\mathcal{G}$ be the set of its
relational atoms, we define $\mathcal{G}_E$ as the subset of $\mathcal{G}$ that contains those ternary
relational atoms created by ${*}L$, ${-\!*}R$, and $\top^* L$. We define $\mathcal{G}_S = \mathcal{G} \setminus \mathcal{G}_E$. We
refer to $\mathcal{G}_E$ as the essential subset of $\mathcal{G}$, and $\mathcal{G}_S$ as the supplementary subset
of $\mathcal{G}$.



For a list $L$, we denote by $head(L)$ the first element in the list $L$ and $tail(L)$
the list of $L$ without the first element, and $end(L)$ the last element in $L$. We
denote by $L_1 @ L_2$ the concatenation of two lists $L_1$ and $L_2$, and $pre(x)$ the
predecessor of $x$ in a list $L$, and $suc(x)$ the successor of $x$ in $L$.

Given a well- formed constraint system (C, we can define a partial order 
on free variables of C as follows: x y iff c(x) < c(y). That is, free variables 
are ordered according to their originations. The relations and <" are defined 
analogously to < and <, i.e., as the non-refiexive subset of <^ and the successor 
relation. 

Definition 11 (A thread of variables). Let $\mathbb{C} = (\mathcal{C}, \preceq)$ be a well-formed
constraint system, and let $X$ be a list of free variables $x_1, \dots, x_n$, where n > 0.
Let be the partial order on variables, derived from ^ . We say X is a thread 
of free variables of C (or simply a thread of C) iff it satisfies the following 
conditions: 

1. Vx e x G fv{C) 

2. For every i € {1, . . . , n — 1}, x^ x^+i. 

3. If n > 1, then xi is a minimum element and x„ is a maximum element of 
^" ■ 

4- If 1^ ^ Ij then c(xi) is a minimum constraint in C. 

A thread is effectively those variables that are generated along a certain
branch in a $FVLS_{BBI}$ symbolic derivation. It is not hard to verify that in a valid
symbolic derivation in $FVLS_{BBI}$ of a ground sequent, the set of free variables
in any symbolic sequent in the derivation can be linearly ordered as a thread.

Definition 12. Let $\mathbb{C}_1 = (\mathcal{C}_1, \preceq_1)$ be a well-formed constraint system, let $X$ be
a thread of $\mathbb{C}_1$ and let $\mathbb{C}_2 = (\mathcal{C}_2, \preceq_2)$ be a constraint system (but not necessarily
well-formed) such that $X$ consists of free variables in $fv(\mathcal{C}_1) \cap fv(\mathcal{C}_2)$.
Furthermore, assume that every variable $x$ in $\mathbb{C}_2$, except for those in $X$, satisfies
the variable origination property, i.e., $x$ originates from a constraint in $\mathbb{C}_2$. The
composition of $\mathbb{C}_1$ and $\mathbb{C}_2$ along the thread $X$, written $\mathbb{C}_1 \circ^X \mathbb{C}_2$, is the constraint
system $(\mathcal{C}, \preceq)$ such that:

- $\mathcal{C} = \mathcal{C}_1 \cup \mathcal{C}_2$; and

- For $c_1, c_2 \in \mathcal{C}$, $c_1 \preceq c_2$ iff either one of the following holds:

  • $c_1 \preceq_1 c_2$,

  • $c_1 \preceq_2 c_2$, or

  • $X$ is non-empty, $y = end(X)$, $c_1 = c(y)$ and $c_2 \in \mathcal{C}_2$.

This definition basically says that the composition of $\mathbb{C}_1$ and $\mathbb{C}_2$ along $X$ is
obtained by simply ordering the constraints so that all constraints in $\mathcal{C}_2$ are greater
than $c(y)$, where $y$ is the last variable in $X$. If $X$ is empty, then $\mathbb{C}_1$ and $\mathbb{C}_2$ are
independent, and $\preceq$ is simply the union of $\preceq_1$ and $\preceq_2$.

Lemma 9. Let $(\mathcal{C}, \preceq)$ be as defined in Definition 12. Then $(\mathcal{C}, \preceq)$ is well-formed.

Proof. This follows straightforwardly from the definition. □



Lemma 10. Let $\mathbb{C} = (\mathcal{C}, \preceq)$ be a well-formed constraint system and let $X$ be a
thread of $\mathbb{C}$. Let $\Pi$ be a symbolic derivation such that the free variables in its
end sequent are exactly those in $X$. Then $\mathbb{C} \circ^X \mathbb{C}(\Pi)$ is well-formed.

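Definition 13. Let $\mathbb{C} = (\mathcal{C}, \preceq)$ be a well-formed constraint system and let
$S = (\theta, \{\sigma\})$ be its solution. Let $X$ be a thread of $\mathbb{C}$. Define a set of relational atoms
$S^*(\mathbb{C}, S, X)$ inductively as follows:

- If $n = 0$ then $S^*(\mathbb{C}, S, []) =$

- Suppose n > 0. Let $head(X) = x$. Then $c(x) \in \mathcal{C}$ is a minimum constraint of
$\mathbb{C}$, and there exists $\sigma_x \in \{\sigma\}$ such that $(\theta_x, \sigma_x)$ is a solution to $c(x)$, where
$\theta_x = \theta \uparrow fv(c(x))$. In this case, $S^*(\mathbb{C}, S, X)$ is defined as follows.

$$S^*(\mathbb{C}, S, X) = S(\mathcal{G}(c(x)), \sigma_x) \cup S^*(\mathbb{C} \uparrow (c(x), \theta_x, \sigma_x), S', tail(X))$$

where $S' = (\theta \setminus \theta_x, \{\sigma\} \setminus \{\sigma_x\})$.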

Notice that by the definition of restriction to a constraint system, every time a
minimum constraint $c_x$ is eliminated in the second clause in the above definition,
$S(\mathcal{G}(c_x), \sigma_x)$ is also added to the left hand side of every successor constraint of
$c_x$ in $\mathbb{C}$. Therefore it is straightforward that the following proposition holds.

Proposition 1. Let C = (C, ^) be a well-formed constraint system. Let Q = 
S*{C, S, X), for some thread X of C, let Xg ~ end{X) and let S = {6, {a}) be 
a solution to C. Let c = Gc ^'r C'c be a constraint not in C, such that only 
contains free variables that occur in C. Let :x. be a new variable occurring only 
on the right hand side of c. Let C = (C, :<') be the following constraint system: 

- C = CU {c}; 

— :<' is the smallest extension of ^ such that c(xe) < c. 

Let {6x,o'x) be the solution to c' = G^Gc(^ C'c^, S' ~ (0 U 0^, {c, fx}); o,nd 
X' = X@[x]. Then S*{C',S',X') = S{g U g,9,ax). 

Theorem 7. Let $\Pi$ be a derivation of a sequent in $LS^{sf}_{BBI}$. Then there exists a
symbolic derivation $\Pi'$ of the same sequent such that $\mathbb{C}(\Pi')$ is solvable.

The heart of the proof for this theorem is that we can recover the supplementary
subset for each sequent from the constraint system using $S^*$. Since the
constraint system accumulates the relational atoms in the derivation, this is not
a surprising result. The proof is given in more detail in Appendix A.14.

6 A heuristics for proof search 

Suppose we want to prove $((a * b) * c) \to (a * (b * c))$. Using $FVLS_{BBI}$, we
build a symbolic derivation as in Figure 9 (right associativity for connectives is
assumed). The following constraints are generated from this derivation:



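Let $\Gamma_1 := \{a2 : c;\ a3 : a\}$ and $\Gamma_2 := \{a3 : a;\ a4 : b\}$ in

$$\dfrac{\dfrac{\dfrac{\dfrac{\dfrac{}{a2 : c; a3 : a; a4 : b \vdash x5 : a}\;id \qquad \dfrac{\dfrac{}{\Gamma_1; a4 : b \vdash x7 : b}\;id \qquad \dfrac{}{a2 : c; \Gamma_2 \vdash x8 : c}\;id}{a2 : c; a3 : a; a4 : b \vdash x6 : b * c}\;{*}R}{a2 : c; a3 : a; a4 : b \vdash a0 : a * b * c}\;{*}R}{a1 : a * b; a2 : c \vdash a0 : a * b * c}\;{*}L}{a0 : (a * b) * c \vdash a0 : a * b * c}\;{*}L}{\vdash a0 : (a * b) * c \to a * b * c}\;{\to}R$$

Fig. 9. A symbolic derivation for $((a * b) * c) \to (a * (b * c))$.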



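$(a1, a2 \triangleright a0); (a3, a4 \triangleright a1) \vdash^?_R (a3 = x5)$

$(a1, a2 \triangleright a0); (a3, a4 \triangleright a1) \vdash^?_R (a4 = x7)$

$(a1, a2 \triangleright a0); (a3, a4 \triangleright a1) \vdash^?_R (a2 = x8)$

$(a1, a2 \triangleright a0); (a3, a4 \triangleright a1) \vdash^?_R (x7, x8 \triangleright x6)$

$(a1, a2 \triangleright a0); (a3, a4 \triangleright a1) \vdash^?_R (x5, x6 \triangleright a0)$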



Since the first three constraints are required by the id rule, we must accept
them. Thus we are only left with the last two constraints with free variables
x5, x7, x8 assigned. In the following, we shall write $(a1, a2 \triangleright a0); (a3, a4 \triangleright a1)$
as $\mathcal{G}$, and $(a3, x6 \triangleright a0); (a2, a4 \triangleright x6)$ as $C$. Now x6 is the only remaining free
variable. We can apply the rule $A$ (upward) on the left hand side $\mathcal{G}$ to obtain
$(a3, w \triangleright a0); (a2, a4 \triangleright w)$, where $w$ is a new label. Then apply the rule $E$ (upward)
to obtain $(a4, a2 \triangleright w)$. The two constraints can be solved by assigning $w$ to x6.

But there is a simpler way to see that such a $w$ must exist: the two ternary
relational atoms in $\mathcal{G}$ manifest that a0 can be split into a2, a3, a4. This is exactly
what $C$ says. For any variant of $\mathcal{G}$ that describes the same splitting of a0 as $C$,
the "internal" node x6 can always be assigned to either an existing label or a
label generated by the associativity rule. In the example, x6 cannot be matched
to any existing label, so we can assign x6 to be a fresh label globally, and add
$C$ to the l.h.s. of the successor constraints in the partial order $\preceq$. Similarly for
any variant of $C$ with the same splitting of a0.

We can extend this method to a chain of multiple relational atoms which 
forms a labelled binary tree. We define a labelled binary tree as a binary tree 
where each node is associated with a label. Each node in a labelled binary tree 
has a left child and a right child. The minimum labelled binary tree has a root 
and two leaves, which corresponds to a single relational atom. We define the 
following function inductively from a labelled binary tree to a set of relational 
atoms. 

Definition 14. Let $tr$ be a labelled binary tree, the set of relational atoms w.r.t.
$tr$, written as $Rel(tr)$, is defined as follows.

- (Base case): $tr$ only contains a root node labelled with $r$ and two leaves
labelled with $a$, $b$ respectively. Then $Rel(tr) = \{(a, b \triangleright r)\}$

- (Inductive case): $tr$ contains a root node labelled with $r$ and its left and
right children labelled with $a$ and $b$ respectively. Then $Rel(tr) = Rel(tr_a) \cup
Rel(tr_b) \cup \{(a, b \triangleright r)\}$, where $tr_a$ and $tr_b$ are the subtrees rooted at, respectively,
the left child and the right child of the root node of $tr$.

The width of a labelled binary tree is defined as the number of leaves in the 
tree. A labelled binary tree is a variant of another labelled binary tree if either 
they are exactly the same, or they differ only in the labels of the internal nodes. 

We say that a set $R$ of relational atoms forms a labelled binary tree $tr$ when
$R = Rel(tr)$. In this case, the leaves in $tr$ are actually a "splitting" of the root
node. Commutativity and associativity guarantee that we can split a node arbitrarily,
as long as the leaves in the tree are the same. Moreover, since all internal
nodes are free variables, we can assign them to either existing labels or fresh
labels (created by $A$, $A_C$) without having clash with existing relational atoms.
This idea is formalised in the following lemma, and is proved in Appendix A.15.

Lemma 11. Given constraints $c_1 \lessdot \cdots \lessdot c_n$ with $\mathcal{G} = \mathcal{G}(c_1) = \cdots = \mathcal{G}(c_n)$ and
the r.h.s. of these constraints gives the set $R$ of relational atoms. If the following
hold:

1. $R = Rel(tr)$, for some labelled binary tree $tr$ where every internal node label
is a free variable $x$ which only occurs once in $tr$, and $c_1 \preceq c(x)$.

2. The other node labels in $tr$ are non-$\epsilon$ labels.

3. There exist $\mathcal{G}' \subseteq \mathcal{G}$ and $tr'$ such that $\mathcal{G}' = Rel(tr')$ and $tr'$ has the same root
and leaves as $tr$.

Then $c_1, \cdots, c_n$ are solvable.
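
The check behind Lemma 11 can be prototyped directly from Definition 14. The following Python sketch is an added example, not the authors' prover; the tuple encoding `(a, b, r)` for a relational atom, the spelling `"e"` for the unit label and all function names are assumptions. It treats a lone leaf as contributing no atom, leaves the origin condition of item 1 to the caller, and runs on the two remaining constraints of the Figure 9 example.

```python
from collections import Counter

EPSILON = "e"  # assumed spelling of the unit label; (a, b, r) encodes (a, b |> r)

def root_label(tr):
    return tr if isinstance(tr, str) else tr[0]

def rel(tr):
    """Rel(tr) of Definition 14; a tree is a leaf label or (label, left, right)."""
    if isinstance(tr, str):
        return set()  # assumption: a lone leaf contributes no relational atom
    label, left, right = tr
    return rel(left) | rel(right) | {(root_label(left), root_label(right), label)}

def as_tree(atoms):
    """Return the labelled binary tree tr with Rel(tr) == atoms, or None."""
    atoms = set(atoms)
    by_parent, as_child = {}, Counter()
    for a, b, r in atoms:
        if r in by_parent:
            return None  # one node split in two different ways
        by_parent[r] = (a, b)
        as_child.update([a, b])
    roots = [r for r in by_parent if as_child[r] == 0]
    if len(roots) != 1 or any(as_child[p] > 1 for p in by_parent):
        return None

    def build(label):
        if label not in by_parent:
            return label
        a, b = by_parent[label]
        return (label, build(a), build(b))

    tr = build(roots[0])
    return tr if rel(tr) == atoms else None  # rejects atoms unreachable from the root

def leaves(tr):
    return [tr] if isinstance(tr, str) else leaves(tr[1]) + leaves(tr[2])

def internal_labels(tr):
    """Labels of nodes that are neither the root nor a leaf."""
    out = []
    if not isinstance(tr, str):
        for sub in tr[1:]:
            if not isinstance(sub, str):
                out += [sub[0]] + internal_labels(sub)
    return out

def splittings(label, atoms, used=frozenset()):
    """Yield (leaves, atoms_used) for each tree rooted at label built from atoms."""
    yield (label,), frozenset()
    for atom in atoms - used:
        a, b, r = atom
        if r != label:
            continue
        for la, ua in splittings(a, atoms, used | {atom}):
            for lb, ub in splittings(b, atoms, used | {atom} | ua):
                yield la + lb, frozenset({atom}) | ua | ub

def lemma11_witness(G, R, free_vars):
    """Return a subset G' of G satisfying item 3 of Lemma 11, or None when the
    lemma's conditions fail. The origin condition of item 1 is assumed to have
    been checked by the caller."""
    tr = as_tree(R)
    if tr is None:
        return None
    inner, outer = internal_labels(tr), [tr[0]] + leaves(tr)
    counts = Counter(inner + outer)
    if any(x not in free_vars or counts[x] != 1 for x in inner):  # item 1
        return None
    if any(l == EPSILON or l in free_vars for l in outer):        # item 2
        return None
    want = sorted(leaves(tr))  # commutativity: leaf order is irrelevant
    for lv, used in splittings(tr[0], frozenset(G)):              # item 3
        if used and sorted(lv) == want:
            return set(used)
    return None

# Constructed from the Figure 9 example, after the id constraints fix
# x5 = a3, x7 = a4, x8 = a2; x6 is the only free variable left.
SAMPLE_G = {("a1", "a2", "a0"), ("a3", "a4", "a1")}
SAMPLE_R = {("a4", "a2", "x6"), ("a3", "x6", "a0")}

if __name__ == "__main__":
    print("tree for R:", as_tree(SAMPLE_R))
    print("variant found in G:", lemma11_witness(SAMPLE_G, SAMPLE_R, {"x6"}))
```

A returned set means the heuristic applies and the internal free variables can be assigned without running the structural rules; `None` only means this shortcut does not apply, not that the constraints are unsolvable.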
7 Experiment 

We used a Dell Optiplex 790 desktop with Intel CORE i7 2600 @ 3.4 GHz
CPU and 8GB memory as the platform, and tested the following provers on the
formulae from Park et al. [14]. (1) BBeye: the OCaml prover from Park et al.
based upon nested sequents [14]; (2) Naive (Vamp): translates a BBI formula into
a first-order formula using the standard translation, then uses Vampire 2.6 [S]
to solve it; (3) $FVLS_{BBI}$ Heuristic: backward proof search in $FVLS_{BBI}$, using
the heuristic-based method to solve the set of constraints.

The results are shown in Table 1. The BBeye (opt) column shows the results
from Park et al.'s prover where the d() indicates the depth of proof search. The
other two columns are for the two methods stated above. We see that naive
translation is comparable with BBeye in most cases, but the latter is not stable.
When the tested formulae involve more interaction between structural rules,
BBeye runs significantly slower. The heuristic method outperforms all other
methods in the tested cases.

Nonetheless, our prover is slower than BBeye for formulae which contain 
many occurrences of the same atomic formulae, giving (id) instances such as: 

| Formula | BBeye (opt) | Naive (Vamp) | $FVLS_{BBI}$ Heuristic |
| (a * (b * (c * (d * e)))) → (e * (d * (a * (b * c)))) | d(3) | | 0.001 |
| (a * (b * (c * (d * e)))) → (e * (b * (a * (c * d)))) | d(4) 20.829 | 0.333 | 0.001 |
| ⊤* → (a * ((b -* e) * (c * d)) -* ((a * d) * (c * (b -* e)))) | d(3) 6.258 | 0.152 | 0.007 |

Table 1. Initial experimental results.



We have to choose some $w_i$ to match with $x$ without knowing which choice satisfies
other constraints. In the worst case, we have to try each using backtracking.
Multiple branches of this form lead to a combinatorial explosion. Determinising
the concrete labels (worlds) for formulae in proof search in $LS_{BBI}$ or BBeye [14]
avoids this problem. Further work is needed to solve this in $FVLS_{BBI}$.

Even though we do not claim the completeness of our heuristic method, it
appears to be a fast way to solve certain problems. Completeness can be restored
by fully implementing $LS_{BBI}$ or $FVLS_{BBI}$. The derivations in $LS_{BBI}$ are generally
shorter than those in the Display Calculus or Nested Sequent Calculus for
BBI. The reader can verify that most of the formulae in Table 1 can even be proved
by hand in a reasonable time using our labelled system. The optimisation of
the implementation, however, is out of the scope of this paper.

8 Conclusion and Future Work 

Our main contribution is a labelled sequent calculus for $BBI_{ND}$ that is sound,
complete, and enjoys cut-elimination. There are no explicit contraction rules in
$LS_{BBI}$ and all structural rules can be restricted so that proof search is entirely
driven by logical rules. We further propose a free variable system to restrict the
proof search space so that some applications of ${-\!*}L$ rules can be guided by
zero-premise rules. Although we can structure proof search to be more manageable
compared to the unrestricted (labelled or display) calculus, the undecidability
of BBI implies that there is no terminating proof search strategy for a
sound and complete system. The essence of proof search now resides in guessing
which relational atom to use in the ${*}R$ and ${-\!*}L$ rules and whether they need to
be applied more than once to a formula. Nevertheless, our initial experimental
results already raise the hope that a more efficient proof search strategy can be
developed based on our calculus.

$$\dfrac{(a, b \triangleright c); \Gamma[c/d] \vdash \Delta[c/d]}{(a, b \triangleright c); (a, b \triangleright d); \Gamma \vdash \Delta}\;P \qquad \dfrac{(a, b \triangleright c); \Gamma \vdash \Delta}{\Gamma \vdash \Delta}\;T$$

$$\dfrac{(\epsilon, \epsilon \triangleright \epsilon); \Gamma[\epsilon/a][\epsilon/b] \vdash \Delta[\epsilon/a][\epsilon/b]}{(a, b \triangleright \epsilon); \Gamma \vdash \Delta}\;IU \qquad \dfrac{(a, b \triangleright c); \Gamma[b/d] \vdash \Delta[b/d]}{(a, b \triangleright c); (a, d \triangleright c); \Gamma \vdash \Delta}\;C$$

In $T$, $a$, $b$ do occur in the conclusion but $c$ does not.
In all substitutions $[y/x]$, $x \neq \epsilon$.

Fig. 10. Some auxiliary structural rules.

An immediate task is to find a complete and terminating (if possible) constraint
solving strategy. A counter-model construction for $BBI_{PD}$ has been studied
by Larchey-Wendling using labelled tableaux [7]; the possibility of adapting his
method to $BBI_{ND}$ using our calculus is also future work.

Another interesting topic is to extend our calculus to handle some semantics
other than the non-deterministic monoidal ones. Our design of the structural
rules in $LS_{BBI}$ can be generalised as follows. If there is a semantic condition
of the form $(w_{11}, w_{12} \triangleright w_{13}) \wedge \cdots \wedge (w_{i1}, w_{i2} \triangleright w_{i3}) \Rightarrow (w'_{11}, w'_{12} \triangleright w'_{13}) \wedge \cdots \wedge
(w'_{j1}, w'_{j2} \triangleright w'_{j3}) \wedge (x_{11} = x_{12}) \wedge \cdots \wedge (x_{k1} = x_{k2})$, we create a rule:

$$\dfrac{(w'_{11}, w'_{12} \triangleright w'_{13}); \cdots; (w'_{j1}, w'_{j2} \triangleright w'_{j3}); (w_{11}, w_{12} \triangleright w_{13}); \cdots; (w_{i1}, w_{i2} \triangleright w_{i3}); \Gamma \vdash \Delta}{(w_{11}, w_{12} \triangleright w_{13}); \cdots; (w_{i1}, w_{i2} \triangleright w_{i3}); \Gamma \vdash \Delta}$$

And apply substitutions $[x_{12}/x_{11}] \cdots [x_{k2}/x_{k1}]$ globally on the premise, where
$\epsilon$ is not substituted. Many additional features can be added in this way. We
summarise the following desirable ones: (1) PD-semantics: the composition of
two elements is either the empty set or a singleton, i.e., $(a, b \triangleright c) \wedge (a, b \triangleright d) \Rightarrow
(c = d)$; (2) TD-semantics: the composition of any two elements is always defined
as a singleton, i.e., $\forall a, b, \exists c$ s.t. $(a, b \triangleright c)$; (3) indivisible unit: (cf. Section ??)
$(a, b \triangleright \epsilon) \Rightarrow (a = \epsilon) \wedge (b = \epsilon)$; and (4) cancellative: if $w \circ w'$ is defined and
$w \circ w' = w \circ w''$, then $w' = w''$, i.e., $(a, b \triangleright c) \wedge (a, d \triangleright c) \Rightarrow (b = d)$. Note that
(2) and (4) are in addition to (1). The above are formalised in rules $P$, $T$, $IU$,
$C$ respectively in Figure 10.

The formula $(F * F) \to F$, where $F = \neg(\top \mathbin{-\!*} \neg\top^*)$, differentiates $BBI_{ND}$
and $BBI_{PD}$ [9] and is provable using $LS_{BBI} + P$. Using $LS_{BBI} + T$, we can
prove $(\neg\top^* \mathbin{-\!*} \bot) \to \top^*$, which is valid in $BBI_{TD}$ but not in $BBI_{PD}$ [3], and
also $(\top^* \wedge ((p * q) \mathbin{-\!*} \bot)) \to ((p \mathbin{-\!*} \bot) \vee (q \mathbin{-\!*} \bot))$, which is valid in separation
models iff the composition is total [4]. These additional rules do not break
cut-elimination.

Oddly, the formula $\neg(\top^* \wedge A \wedge (B * \neg(C \mathbin{-\!*} (\top^* \to A))))$, which is valid in
$BBI_{ND}$, is very hard to prove in the display calculus and Park et al.'s method.
We ran this formula using Park et al.'s prover for a week on a CORE i7 2600
processor, without success. Very short proofs of this formula exist in $LS_{BBI}$ or
Larchey-Wendling and Galmiche's labelled tableaux (this formula must also be
valid in $BBI_{PD}$). We are currently investigating this phenomenon. The proofs
for the formulae in this section can be found in Appendix A.16.

A Appendix

This section provides the details of the proofs in this paper.

A.1 Soundness of $LS_{BBI}$

Proof for Theorem 1.

Proof. To prove the soundness of $LS_{BBI}$, we show that each rule preserves
falsifiability upwards, as this is a more natural direction in terms of backward proof
search. Therefore to prove that a rule is sound, we need to show that if the
conclusion is falsifiable, then at least one of the premises is falsifiable (usually
in the same choice of $v$, $\rho$, and $\mathcal{M}$). Most of the cases are easy; we show some
samples here.

$id$: Since there is no premise in this rule, we simply need to show that the
conclusion is not falsifiable.

Suppose the sequent $\Gamma; w : P \vdash w : P; \Delta$ is falsifiable, then $\Gamma$ must be true
and $\rho(w) \Vdash P$ and $\rho(w) \nVdash P$ and $\Delta$ must be false. However, $\rho(w) \Vdash P$ and
$\rho(w) \nVdash P$ cannot hold at the same time for any $(\mathcal{M}, \triangleright, \epsilon)$, $v$ and $\rho$, so we
have a contradiction, thus this sequent is not falsifiable.

$\top^* L$: Assume $\Gamma; w : \top^* \vdash \Delta$ is falsifiable, then $\Gamma$ is true and $\rho(w) \Vdash \top^*$ and $\Delta$
is false.

From the semantics of $\top^*$ we know that $\rho(w) \Vdash \top^*$ iff $\rho(w) = \epsilon$. Therefore
by choosing the same $\rho$, $v$, and $\mathcal{M}$ for the premise, replacing every $w$ by $\epsilon$
in $\Gamma$ and $\Delta$ preserves their valuations, as we know that $\rho(\epsilon) = \epsilon$. That is,
$\Gamma[\epsilon/w]$ must be true and $\Delta[\epsilon/w]$ must be false. So the premise is falsifiable.

${*}L$: Assume the conclusion is falsifiable, so under some $v$, $\rho$, $\mathcal{M}$, we have that $\Gamma$
is true and $\rho(z) \Vdash A * B$ and $\Delta$ is false.

From the semantics of $A * B$ we know that $\exists a, b$ s.t. $a, b \triangleright \rho(z)$ and $a \Vdash A$ and
$b \Vdash B$. So we can choose a mapping $\rho'$ with $\rho' = (x \mapsto a) \cup (y \mapsto b) \cup \rho$. Since
$x$ and $y$ are fresh, they should not affect anything in $\rho$. Then, under $\rho'$, the
following hold: $(x, y \triangleright z)$ is true and $\Gamma$ is true and $\rho'(x) \Vdash A$ and $\rho'(y) \Vdash B$
and $\Delta$ is false. Thus the premise is falsifiable in $v$, $\rho'$, and $\mathcal{M}$.

${*}R$: Assume under some $v$, $\rho$, and $\mathcal{M}$, $(x, y \triangleright z)$ is true and $\Gamma$ is true and
$\rho(z) \nVdash A * B$ and $\Delta$ is false.

The semantics of $A * B$ yields the following:

$$\rho(z) \nVdash A * B \Leftrightarrow \neg(\exists a, b.\ (a, b \triangleright \rho(z) \text{ and } a \Vdash A \text{ and } b \Vdash B))$$

$$\Leftrightarrow \forall a, b.\ (a, b \triangleright \rho(z) \text{ doesn't hold or } a \nVdash A \text{ or } b \nVdash B)$$

If we pick the same set of $v$, $\rho$, $\mathcal{M}$ for the premises, however, in both premises
the relational atom $(x, y \triangleright z)$ already exists, which means $\rho(x), \rho(y) \triangleright \rho(z)$
holds. So the possibility is only that either $\rho(x) \nVdash A$ or $\rho(y) \nVdash B$. Assume
the former one holds, then the left premise is falsifiable, otherwise the right
premise is falsifiable.

Rules for additive connectives are straightforward; the cases for $-\!*$ can be
proved similarly as for $*$ above. Structural rules $E$, $A$ (and $A_C$), $Eq_1$ (and $Eq_2$
and $U$) can be proved by using the commutativity, associativity, and identity
properties of the monoid structure respectively. □

A.2 Substitution for labels

The proof for Lemma 1.

Proof. By induction on $ht(\Pi)$.

(Base case) If $ht(\Pi) = 0$, then the only applicable rules are $id$, $\bot L$, $\top R$ and
$\top^* R$. If the label $x \neq \epsilon$ being substituted is not on the principal formula, then
the substitution does not affect the original derivation. Note that since we do
not allow to substitute for the label $\epsilon$, the proof for $\top^* R$ can only be this case.
Otherwise we obtain the new derivation by simply replacing the label of the
principal formula.

(Inductive case) If $ht(\Pi) > 0$, then consider the last rule applied in the derivation.
We consider three main cases.

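1. Neither $x$ nor $y$ is the label of the principal formula.

(a) Suppose the last rule applied is $\top^* L$, and $x \neq w$ and $y \neq w$, and $\Pi$ is
the following derivation:

$$\dfrac{\begin{array}{c}\Pi_1\\ \Gamma'[\epsilon/w] \vdash \Delta[\epsilon/w]\end{array}}{\Gamma'; w : \top^* \vdash \Delta}\;\top^* L$$

By the induction hypothesis, there is a derivation $\Pi_1'$ of $\Gamma'[\epsilon/w][y/x] \vdash
\Delta[\epsilon/w][y/x]$ with $ht(\Pi_1') \leq ht(\Pi_1)$. Since $x$ and $y$ are different from
$w$, this sequent is equal to $\Gamma'[y/x][\epsilon/w] \vdash \Delta[y/x][\epsilon/w]$. Therefore $\Pi'$ is
constructed as follows.

$$\dfrac{\begin{array}{c}\Pi_1'\\ \Gamma'[y/x][\epsilon/w] \vdash \Delta[y/x][\epsilon/w]\end{array}}{\Gamma'[y/x]; w : \top^* \vdash \Delta[y/x]}\;\top^* L$$

Obviously $ht(\Pi') \leq ht(\Pi)$.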

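(b) If the last rule applied is $Eq_1$, we distinguish the following cases: $x$ is not
$w$ or $w'$; $x = w$; $x = w'$.

i. $x \neq w$ and $x \neq w'$. The original derivation is as follows.

$$\dfrac{\begin{array}{c}\Pi_1\\ (\epsilon, w \triangleright w); \Gamma'[w/w'] \vdash \Delta[w/w']\end{array}}{(\epsilon, w' \triangleright w); \Gamma' \vdash \Delta}\;Eq_1$$

A. If $y \neq w$ and $y \neq w'$, by the induction hypothesis, there is a
derivation $\Pi_1'$ of $(\epsilon, w \triangleright w); \Gamma'[w/w'][y/x] \vdash \Delta[w/w'][y/x]$ with
$ht(\Pi_1') \leq ht(\Pi_1)$. Since $x$, $y$, $w$, $w'$ are different labels, this
sequent is equal to $(\epsilon, w \triangleright w); \Gamma'[y/x][w/w'] \vdash \Delta[y/x][w/w']$. Thus
the derivation $\Pi'$ is constructed as follows.

$$\dfrac{\begin{array}{c}\Pi_1'\\ (\epsilon, w \triangleright w); \Gamma'[y/x][w/w'] \vdash \Delta[y/x][w/w']\end{array}}{(\epsilon, w' \triangleright w); \Gamma'[y/x] \vdash \Delta[y/x]}\;Eq_1$$

B. If $y = w$, this case is similar to Case 1.(b).i.A.

C. Suppose $y = w'$. Then we need to derive $(\epsilon, y \triangleright w); \Gamma'[y/x] \vdash
\Delta[y/x]$. If $y \neq \epsilon$, we construct $\Pi'$ by first applying $Eq_1$ bottom-up:

$$\dfrac{(\epsilon, w \triangleright w); \Gamma'[y/x][w/y] \vdash \Delta[y/x][w/y]}{(\epsilon, y \triangleright w); \Gamma'[y/x] \vdash \Delta[y/x]}\;Eq_1$$

Now the premise is equal to $(\epsilon, w \triangleright w); \Gamma'[w/y][w/x] \vdash \Delta[w/y][w/x]$,
and by the induction hypothesis, there is a derivation $\Pi_1'$ of this
sequent, with $ht(\Pi_1') \leq ht(\Pi_1)$.
If $y = \epsilon$, then we need to apply $Eq_2$, instead of $Eq_1$:

$$\dfrac{(\epsilon, \epsilon \triangleright \epsilon); \Gamma'[\epsilon/x][\epsilon/w] \vdash \Delta[\epsilon/x][\epsilon/w]}{(\epsilon, \epsilon \triangleright w); \Gamma'[\epsilon/x] \vdash \Delta[\epsilon/x]}\;Eq_2$$

Note that the sequent $(\epsilon, \epsilon \triangleright \epsilon); \Gamma'[\epsilon/x][\epsilon/w] \vdash \Delta[\epsilon/x][\epsilon/w]$ is the
same as

$$(\epsilon, \epsilon \triangleright \epsilon); \Gamma'[w/w'][\epsilon/w][\epsilon/x] \vdash \Delta[w/w'][\epsilon/w][\epsilon/x].$$

So the premise can be proved by two successive applications of
the induction hypothesis to $\Pi_1$, one using substitution $[\epsilon/w]$ and
the other using substitution $[\epsilon/x]$. Here we can apply the induction
hypothesis twice to $\Pi_1$ because substitution does not
increase the height of derivations.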

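ii. $x = w$ (so $w$ cannot be $\epsilon$).

A. If $y \neq w'$, then $\Pi$ has the form:

$$\dfrac{\begin{array}{c}\Pi_1\\ (\epsilon, x \triangleright x); \Gamma'[x/w'] \vdash \Delta[x/w']\end{array}}{(\epsilon, w' \triangleright x); \Gamma' \vdash \Delta}\;Eq_1$$

By the induction hypothesis we have the following derivation:

$$\begin{array}{c}\Pi_1'\\ (\epsilon, y \triangleright y); \Gamma'[x/w'][y/x] \vdash \Delta[x/w'][y/x]\end{array}$$

The end sequent is equal to the following:

$$(\epsilon, y \triangleright y); \Gamma'[y/x][y/w'] \vdash \Delta[y/x][y/w'].$$

Then by using $Eq_1$, we construct $\Pi'$ as follows.

$$\dfrac{\begin{array}{c}\Pi_1'\\ (\epsilon, y \triangleright y); \Gamma'[y/x][y/w'] \vdash \Delta[y/x][y/w']\end{array}}{(\epsilon, w' \triangleright y); \Gamma'[y/x] \vdash \Delta[y/x]}\;Eq_1$$

B. If $y = w'$, then $\Pi$ has the form:

$$\dfrac{\begin{array}{c}\Pi_1\\ (\epsilon, x \triangleright x); \Gamma'[x/y] \vdash \Delta[x/y]\end{array}}{(\epsilon, y \triangleright x); \Gamma' \vdash \Delta}\;Eq_1$$

By the induction hypothesis, we have the following derivation:

$$\begin{array}{c}\Pi_1'\\ (\epsilon, y \triangleright y); \Gamma'[x/y][y/x] \vdash \Delta[x/y][y/x]\end{array}$$

Since in the end sequent, we replace every $y$ by $x$, and then
change every $x$ back to $y$, the effect is the same as just keeping
every $y$ unchanged and only replacing every $x$ by $y$. Thus the end
sequent is equal to:

$$(\epsilon, y \triangleright y); \Gamma'[y/x] \vdash \Delta[y/x]$$

which is exactly what we need to derive. Therefore we let $\Pi' = \Pi_1'$.
Notice that in this case $ht(\Pi') < ht(\Pi)$.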

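iii. $x = w'$.

A. If $y \neq w$ and $y \neq \epsilon$, the original derivation is as follows.

$$\dfrac{\begin{array}{c}\Pi_1\\ (\epsilon, w \triangleright w); \Gamma'[w/x] \vdash \Delta[w/x]\end{array}}{(\epsilon, x \triangleright w); \Gamma' \vdash \Delta}\;Eq_1$$

By the induction hypothesis (instead of replacing every $x$ by $y$,
we now replace every $y$ by $w$), we have the following derivation:

$$\begin{array}{c}\Pi_1'\\ (\epsilon, w \triangleright w); \Gamma'[w/x][w/y] \vdash \Delta[w/x][w/y]\end{array}$$

The end sequent is equal to:

$$(\epsilon, w \triangleright w); \Gamma'[y/x][w/y] \vdash \Delta[y/x][w/y]$$

Thus $\Pi'$ is constructed as follows.

$$\dfrac{(\epsilon, w \triangleright w); \Gamma'[y/x][w/y] \vdash \Delta[y/x][w/y]}{(\epsilon, y \triangleright w); \Gamma'[y/x] \vdash \Delta[y/x]}\;Eq_1$$

B. If $y = \epsilon$ and $w \neq \epsilon$, we need to derive the following sequent:

$$(\epsilon, \epsilon \triangleright w); \Gamma'[\epsilon/x] \vdash \Delta[\epsilon/x]$$

By the induction hypothesis, replacing every $w$ by $\epsilon$ in $\Pi_1$, then using
the rule $Eq_2$, we get the new derivation:

$$\dfrac{\begin{array}{c}\Pi_1'\\ (\epsilon, \epsilon \triangleright \epsilon); \Gamma'[\epsilon/x][\epsilon/w] \vdash \Delta[\epsilon/x][\epsilon/w]\end{array}}{(\epsilon, \epsilon \triangleright w); \Gamma'[\epsilon/x] \vdash \Delta[\epsilon/x]}\;Eq_2$$

C. If $y = w$, then the premise of the last rule is exactly what we
need to derive.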

(c) If the last rule applied is Eq2, we consider three cases: x 7^ w and y =^ w; 
X = w; and y = w. These are symmetric to the case where the last rule 
is Eqi, already discussed above. 
2. $y$ is the label of the principal formula. Most of the cases follow similarly as
above, except for $\top^*L$. In this case the original derivation is as follows.
\[
\dfrac{\begin{array}{c}\Pi_1\\ \Gamma'[\epsilon/y] \vdash \Delta[\epsilon/y]\end{array}}{\Gamma'; y : \top^* \vdash \Delta}\;\top^*L
\]
Our goal is to derive $\Gamma'[y/x]; y : \top^* \vdash \Delta[y/x]$. Applying $\top^*L$ as in backward
proof search, we get
\[
\Gamma'[y/x][\epsilon/y] \vdash \Delta[y/x][\epsilon/y]
\]
Note that this sequent is equal to $\Gamma'[\epsilon/y][\epsilon/x] \vdash \Delta[\epsilon/y][\epsilon/x]$, and from the
induction hypothesis we know that there is a derivation of this sequent of height
less than or equal to $ht(\Pi)$.
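3. $x$ is the label of the principal formula.

(a) For the additive rules, since the labels stay the same in the premises
and conclusions of the rules, even if the label of the principal formula is
replaced by some other label, we can still apply the induction hypothesis
on the premise, then use the rule to derive the conclusion.
For $\land L$,
\[
\dfrac{\begin{array}{c}\Pi_1\\ \Gamma'; x : A; x : B \vdash \Delta\end{array}}{\Gamma'; x : A \land B \vdash \Delta}\;\land L
\quad\rightsquigarrow\quad
\dfrac{\begin{array}{c}\Pi_1'\\ \Gamma'[y/x]; y : A; y : B \vdash \Delta[y/x]\end{array}}{\Gamma'[y/x]; y : A \land B \vdash \Delta[y/x]}\;\land L
\]
For $\land R$,
\[
\dfrac{\begin{array}{c}\Pi_1\\ \Gamma' \vdash x : A; \Delta\end{array} \quad \begin{array}{c}\Pi_2\\ \Gamma' \vdash x : B; \Delta\end{array}}{\Gamma' \vdash x : A \land B; \Delta}\;\land R
\quad\rightsquigarrow\quad
\dfrac{\begin{array}{c}\Pi_1'\\ \Gamma'[y/x] \vdash y : A; \Delta[y/x]\end{array} \quad \begin{array}{c}\Pi_2'\\ \Gamma'[y/x] \vdash y : B; \Delta[y/x]\end{array}}{\Gamma'[y/x] \vdash y : A \land B; \Delta[y/x]}\;\land R
\]
For $\to L$,
\[
\dfrac{\begin{array}{c}\Pi_1\\ \Gamma' \vdash x : A; \Delta\end{array} \quad \begin{array}{c}\Pi_2\\ \Gamma'; x : B \vdash \Delta\end{array}}{\Gamma'; x : A \to B \vdash \Delta}\;\to L
\quad\rightsquigarrow\quad
\dfrac{\begin{array}{c}\Pi_1'\\ \Gamma'[y/x] \vdash y : A; \Delta[y/x]\end{array} \quad \begin{array}{c}\Pi_2'\\ \Gamma'[y/x]; y : B \vdash \Delta[y/x]\end{array}}{\Gamma'[y/x]; y : A \to B \vdash \Delta[y/x]}\;\to L
\]
For $\to R$,
\[
\dfrac{\begin{array}{c}\Pi_1\\ \Gamma'; x : A \vdash x : B; \Delta\end{array}}{\Gamma' \vdash x : A \to B; \Delta}\;\to R
\quad\rightsquigarrow\quad
\dfrac{\begin{array}{c}\Pi_1'\\ \Gamma'[y/x]; y : A \vdash y : B; \Delta[y/x]\end{array}}{\Gamma'[y/x] \vdash y : A \to B; \Delta[y/x]}\;\to R
\]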

(b) For multiplicative rules that do not produce eigenvariables (${-\!\!*}L$, $\top^*L$)
we can proceed similarly as in the additive cases, except for the $\top^*L$ rule.
For the $\top^*L$ rule, if the label $x$ of the principal formula is replaced by
some (other) label $y$, i.e., $\Pi$ is
\[
\dfrac{\begin{array}{c}\Pi_1\\ \Gamma'[\epsilon/x] \vdash \Delta[\epsilon/x]\end{array}}{\Gamma'; x : \top^* \vdash \Delta}\;\top^*L
\]
then we need a derivation of the sequent $\Gamma'[y/x]; y : \top^* \vdash \Delta[y/x]$.
Using the $\top^*L$ rule we have:
\[
\dfrac{\Gamma'[y/x][\epsilon/y] \vdash \Delta[y/x][\epsilon/y]}{\Gamma'[y/x]; y : \top^* \vdash \Delta[y/x]}\;\top^*L
\]
Note that the premise now is equal to $\Gamma'[\epsilon/x][\epsilon/y] \vdash \Delta[\epsilon/x][\epsilon/y]$, and can
be proved using the induction hypothesis on $\Pi_1$.
If $y = \epsilon$, then $\Pi'$ is obtained by applying Lemma 12 to

(c) For the multiplicative rules that have eigenvariables ($*L$ and ${-\!\!*}R$), if
the label of the principal formula is replaced by a label other than the
newly created labels in the rules, then we proceed similarly as in the additive
cases. If the label of the principal formula is replaced by one of the newly
created labels, then we just need to create a different new label in the
new relation.

For $*L$, we have the derivation:
\[
\dfrac{\begin{array}{c}\Pi_1\\ (y, z \triangleright x); \Gamma'; y : A; z : B \vdash \Delta\end{array}}{\Gamma'; x : A * B \vdash \Delta}\;*L
\]
If $x$ is substituted by $y$ (the case for substituting to $z$ is symmetric),
then we need a derivation of $\Gamma'[y/x]; y : A * B \vdash \Delta[y/x]$. Note that
since the $*L$ rule requires the relation $(y, z \triangleright x)$ to be fresh, in the
original derivation $y$ and $z$ cannot be in $\Gamma'$ or $\Delta$. Therefore by the induction
hypothesis we must have a derivation $\Pi_1'$ for
\[
(y', z' \triangleright x); \Gamma'; y' : A; z' : B \vdash \Delta,
\]
where $y'$ and $z'$ are new labels, such that $ht(\Pi_1') \le ht(\Pi_1)$. Applying
the induction hypothesis again to $\Pi_1'$, we have a derivation $\Pi_1''$ of
$(y', z' \triangleright y); \Gamma'[y/x]; y' : A; z' : B \vdash \Delta[y/x]$, with $ht(\Pi_1'') \le ht(\Pi_1)$. Thus the
derivation $\Pi'$ is constructed as follows.
\[
\dfrac{\begin{array}{c}\Pi_1''\\ (y', z' \triangleright y); \Gamma'[y/x]; y' : A; z' : B \vdash \Delta[y/x]\end{array}}{\Gamma'[y/x]; y : A * B \vdash \Delta[y/x]}\;*L
\]
The case for ${-\!\!*}R$ is similar. Suppose $\Pi$ is:
\[
(y, x \triangleright z); \Gamma; y : A \vdash z : B; \Delta' \qquad {-\!\!*}R
\]
If $x$ is replaced by $y$, then we have the following derivation.
\[
\dfrac{(y', y \triangleright z'); \Gamma[y/x]; y' : A \vdash z' : B; \Delta'[y/x]}{\Gamma[y/x] \vdash y : A \mathbin{-\!\!*} B; \Delta'[y/x]}\;{-\!\!*}R
\]
If $x$ is replaced by $z$, then we have the following derivation.
\[
\dfrac{(y', z \triangleright z'); \Gamma[z/x]; y' : A \vdash z' : B; \Delta'[z/x]}{\Gamma[z/x] \vdash z : A \mathbin{-\!\!*} B; \Delta'[z/x]}\;{-\!\!*}R
\]
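The proof above repeatedly rewrites a chain of label substitutions into an equal one (for instance $[x/y][y/x]$ into $[y/x]$ in case ii.B). The following added example, which is not code from the paper, checks those identities mechanically; the tuple encoding of sequents, the label names (`w1` stands for $w'$, `e` for $\epsilon$) and the sample formulas are assumptions of the example.

```python
from itertools import product

EPS = "e"  # stands for the identity label epsilon


def make_sequent(rels, left, right):
    """A labelled sequent G; Gamma |- Delta as three ordered tuples.

    rels  : relational atoms (a, b, c), read as (a, b |> c)
    left  : labelled formulas (label, formula) of the antecedent
    right : labelled formulas (label, formula) of the succedent
    Formulas are opaque strings because they never contain labels.
    """
    return (tuple(rels), tuple(left), tuple(right))


def subst(seq, new, old):
    """Return seq[new/old]: every occurrence of label `old` becomes `new`."""
    def rename(label):
        return new if label == old else label

    rels, left, right = seq
    return (
        tuple(tuple(rename(l) for l in atom) for atom in rels),
        tuple((rename(l), f) for l, f in left),
        tuple((rename(l), f) for l, f in right),
    )


def chain(seq, *steps):
    """Apply substitutions left to right; step (new, old) means [new/old]."""
    for new, old in steps:
        seq = subst(seq, new, old)
    return seq


def generic_sequent(labels):
    """Constructed test sequent with every label in every position.

    Two substitution chains agree on this sequent position by position
    exactly when they induce the same map on `labels`, which is stronger
    than equality of the sequents as multisets.
    """
    rels = list(product(labels, repeat=3))
    left = [(l, "A") for l in labels]
    right = [(l, "B") for l in labels]
    return make_sequent(rels, left, right)


def agree(labels, steps_a, steps_b):
    g = generic_sequent(labels)
    return chain(g, *steps_a) == chain(g, *steps_b)


LABELS = ["x", "y", "w", "w1", EPS]


def check_identities():
    """The rewrites of substitution chains used in the proof."""
    return {
        # case ii.B: [x/y][y/x] has the same effect as [y/x]
        "case_ii_B": agree(LABELS, [("x", "y"), ("y", "x")], [("y", "x")]),
        # case ii.A: [x/w'][y/x] equals [y/x][y/w']
        "case_ii_A": agree(LABELS, [("x", "w1"), ("y", "x")],
                           [("y", "x"), ("y", "w1")]),
        # top*L cases: [y/x][e/y] equals [e/y][e/x]
        "top_star_L": agree(LABELS, [("y", "x"), (EPS, "y")],
                            [(EPS, "y"), (EPS, "x")]),
        # substitutions do not commute in general, so each rewrite needs checking
        "order_matters": not agree(LABELS, [("x", "y"), ("y", "x")],
                                   [("y", "x"), ("x", "y")]),
    }


def case_ii_b_example():
    """Case ii.B on a constructed sequent (e, y |> x); x:P; y:Q |- x:R."""
    conclusion = make_sequent([(EPS, "y", "x")],
                              [("x", "P"), ("y", "Q")],
                              [("x", "R")])
    premise = subst(conclusion, "x", "y")   # premise of Eq1: [x/y]
    via_ih = subst(premise, "y", "x")       # induction hypothesis: [y/x]
    direct = subst(conclusion, "y", "x")    # the sequent we need: [y/x]
    return via_ih, direct


if __name__ == "__main__":
    for name, ok in check_identities().items():
        print(name, ok)
    print(case_ii_b_example())
```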



A.3 Weakening admissibility of $LS_{BBI}$

Lemma 12. For all structures $\Gamma$, $\Delta$, labelled formula $w : A$, and ternary relation
$(x, y \triangleright z)$, if $\Gamma \vdash \Delta$ is derivable, then there exists a derivation of the same height
for each of the following sequents:
\[
\Gamma; w : A \vdash \Delta \qquad \Gamma \vdash w : A; \Delta \qquad (x, y \triangleright z); \Gamma \vdash \Delta.
\]

Proof. By induction on $ht(\Pi)$. Since $id$, $\bot L$, $\top R$, and $\top^*R$ all have weakening
built in, the base case trivially holds. For the inductive cases, the only nontrivial
case is for $*L$ and ${-\!\!*}R$, where new labels have to be introduced. These labels
can be systematically renamed to make sure that they do not clash with the
labels in the weakened formula/relational atom. □



This yields the proof for Lemma 2 in the paper. Furthermore, we can prove
more useful lemmas based on the weakening property.

The next lemma shows that the assumption $\epsilon : \top^*$ in the antecedent of a
sequent is not used in any derivation; since there is no rule that can be
applied to it, it can be removed without affecting provability.

Lemma 13. If $\Gamma; \epsilon : \top^* \vdash \Delta$ is derivable, then $\Gamma \vdash \Delta$ is derivable with the same
series of rule applications.

Proof. By a straightforward induction on the height $n$ of the derivation.
(Base case) If $n = 0$, then $\Gamma; \epsilon : \top^* \vdash \Delta$ must be the conclusion of one of $id$, $\bot L$,
$\top R$, $\top^*R$. Note that $\epsilon : \top^*$ in the antecedent cannot be the principal formula of
any of those rules, therefore those rules are applicable to $\Gamma \vdash \Delta$ as well.
(Inductive case) If $n > 0$, consider the last rule in the derivation. It is obvious
that $\epsilon : \top^*$ in the antecedent of a sequent cannot be the principal formula of any
rule, therefore it has to appear in the premise(s) of the last rule. Thus we can
apply the induction hypothesis on the premise(s) and then use the corresponding
rule to derive $\Gamma \vdash \Delta$. □

In general, if a formula is never principal in a derivation, it can obviously be
omitted.

Lemma 14. If $w : A$ is not the principal formula of any rule application in the
derivation of $\Gamma; w : A \vdash \Delta$ ($\Gamma \vdash w : A; \Delta$ resp.), then there is a derivation of
$\Gamma \vdash \Delta$ with the same series of rule applications.

If we combine the above lemma and the admissibility of weakening, then we
can replace a formula that is never used in a derivation by any structure.

Lemma 15. If $w : A$ is not the principal formula of any rule application (even
though the label might be changed) in the derivation of $\Gamma; w : A \vdash \Delta$ ($\Gamma \vdash w :
A; \Delta$ resp.), then there is a derivation of $\Gamma; \Gamma' \vdash \Delta$ ($\Gamma \vdash \Delta'; \Delta$ resp.), and in
the new derivation, the structure $\Gamma'$ ($\Delta'$ resp.) is not altered except that certain
labels in $\Gamma'$ ($\Delta'$ resp.) are changed.

Proof. By induction on the height $n$ of the derivation.

(Base case) If $n = 0$, since $w : A$ is not the principal formula, the substituted
sequent is also the conclusion of rules $id$, $\bot L$, $\top R$, $\top^*R$. This is the same as the
base case of the proof for Lemma 13.

(Inductive case) If $n > 0$, consider the last rule in the derivation. Since $w : A$ is
not the principal formula, for all rules except $\top^*L$, the original derivation has
$w : A$ in the premise(s) of the last rule, therefore we can apply the induction
hypothesis on the premise(s) and then use the rule to get the desired derivation.
We give an example here.

For $\land L$, suppose $w : A$ is in the antecedent; the original derivation is
converted as follows.
\[
\dfrac{\begin{array}{c}\Pi\\ \Gamma; w : A; x : B; x : C \vdash \Delta\end{array}}{\Gamma; w : A; x : B \land C \vdash \Delta}\;\land L
\quad\rightsquigarrow\quad
\dfrac{\begin{array}{c}\Pi'\\ \Gamma; \Gamma'; x : B; x : C \vdash \Delta\end{array}}{\Gamma; \Gamma'; x : B \land C \vdash \Delta}\;\land L
\]
Other cases except $\top^*L$ are similar.

If the last rule is $\top^*L$, then we convert the derivation as follows.
\[
\dfrac{\begin{array}{c}\Pi\\ \Gamma[\epsilon/w]; \epsilon : A \vdash \Delta[\epsilon/w]\end{array}}{\Gamma; w : A; w : \top^* \vdash \Delta}\;\top^*L
\quad\rightsquigarrow\quad
\dfrac{\begin{array}{c}\Pi'\\ \Gamma[\epsilon/w]; \Gamma'[\epsilon/w] \vdash \Delta[\epsilon/w]\end{array}}{\Gamma; \Gamma'; w : \top^* \vdash \Delta}\;\top^*L
\]
Note that we incorporate two steps here. First, by the induction hypothesis, we
have a derivation of $\Gamma[\epsilon/w]; \Gamma' \vdash \Delta[\epsilon/w]$. Then by the Substitution Lemma,
there is a derivation $\Pi'$ of $\Gamma[\epsilon/w]; \Gamma'[\epsilon/w] \vdash \Delta[\epsilon/w]$, from which we can derive
the final sequent.

Therefore the only change to $\Gamma'$ in the new derivation is that some of its
labels might be changed by the rules $\top^*L$, $Eq_1$, or $Eq_2$. □

Note 1. The admissibility of general weakening shows that if $\Gamma \vdash \Delta$ is derivable,
then $\Gamma; \Gamma' \vdash \Delta; \Delta'$ is derivable. A stronger argument here is that in the derivation
of the latter sequent, $\Gamma'$ and $\Delta'$ are never changed except that some labels might
be changed. This is similar to Lemma 15.

A.4 Invertibility of rules in $LS_{BBI}$

Proof for Lemma 3.

Proof. As the additive rules in $LS_{BBI}$ are exactly the same as those in Negri's
labelled system for Modal logic or G3c (cf. [12]), the proof for them is similar.
The main difference is that the rest of our rules are of different forms. However,
as most of our rules do not modify the side structures, simply by applying the
induction hypothesis and then using the corresponding rule, we get the new
derivation. The cases where the last rule applied is $\top^*L$, $Eq_1$, or $Eq_2$ follow
essentially the same pattern, except that a global substitution needs to be considered, but
that does no harm.

Rules $E$, $A$, $U$, $A_C$, $*R$ and ${-\!\!*}L$ are trivially invertible as the conclusion is
a subset of the premise, and weakening is height-preserving admissible.

To prove the cases for $*L$ and ${-\!\!*}R$, we do inductions on the height $n$ of the
derivation. In each case below, it is obvious that each premise is always cut-free
derivable with less or same height as the conclusion.

The case for $*L$ is as follows.
(Base case) If $n = 0$, then the conclusion of $*L$ is one of the conclusions of $id$, $\bot L$,
$\top R$, $\top^*R$. Notice that the identity rule is restricted to propositions, therefore the
premise of $*L$ is also the conclusion of the corresponding axiom rule.
(Inductive case) If $n > 0$, and the last rule applied is not $*L$ or ${-\!\!*}R$, then no
fresh labels are involved, so we can safely apply the induction hypothesis on the
premise of the last rule and then use the rule to get the derivation. If the last
rule is $*L$ or ${-\!\!*}R$, but the principal formula is in $\Gamma$ or $\Delta$, we proceed similarly,
and use the Substitution Lemma to ensure that the eigenvariables are new. If
the principal formula is $z : A * B$, then the premise of the last rule yields the
desired conclusion.



The case for ${-\!\!*}R$ follows similarly.

For $\top^*L$, again, we do an induction on the height $n$ of the derivation.
(Base case) If $n = 0$, then $\Gamma; x : \top^* \vdash \Delta$ is the conclusion of one of $id$, $\bot L$,
$\top R$, $\top^*R$, and $x : \top^*$ cannot be the principal formula. Note that in the first
three cases the principal formulae can be labelled with anything. Since, in the
sequent $\Gamma[\epsilon/x] \vdash \Delta[\epsilon/x]$, the label $x$ is uniformly replaced by $\epsilon$, this sequent can
be the conclusion of the corresponding rule as well. For $\top^*R$, since $\top^*$ on the
right hand side can only be labelled with $\epsilon$, replacing $x$ by $\epsilon$ does not change
its label. Thus this case is not broken either.

(Inductive case) If $n > 0$, consider the last rule applied in the derivation.

1. If the principal formula or relation does not involve the label $x$, then we can
apply the induction hypothesis directly on the premise of the last rule, then
use the last rule to get the derivation.

2. Otherwise, if the principal formula or relation has label $x$, and the last rule
is not $\top^*L$, we proceed similarly, except replacing the label in the principal
relation or formula. The detail is exemplified using $*L$.

For $*L$, we have the following derivation:
\[
\dfrac{\begin{array}{c}\Pi\\ (y, z \triangleright x); \Gamma; x : \top^*; y : A; z : B \vdash \Delta\end{array}}{\Gamma; x : \top^*; x : A * B \vdash \Delta}\;*L
\]
The condition of the rule $*L$ guarantees that $y$ and $z$ cannot be in $\Gamma$ and
$\Delta$, so we do not have to worry if they are identical to $x$. By applying the
induction hypothesis and then using the rule, we get the following derivation:
\[
\dfrac{\begin{array}{c}\Pi'\\ (y, z \triangleright \epsilon); \Gamma[\epsilon/x]; y : A; z : B \vdash \Delta[\epsilon/x]\end{array}}{\Gamma[\epsilon/x]; \epsilon : A * B \vdash \Delta[\epsilon/x]}\;*L
\]
Another way to do this is by using the Substitution Lemma: replacing $x$ by
$\epsilon$, we get a derivation of the premise that has a redundant $\epsilon : \top^*$. Since we
know that this labelled formula on the left hand side does not contribute to
the derivation, we can safely derive the sequent without it using the same
inference, cf. Lemma 14.

The case where the last rule is ${-\!\!*}R$ is similar.

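If the last rule is $Eq_1$, we consider the following cases:

(a) The label of $\top^*$ is not in the principal relation (i.e., $x \neq w$ and $x \neq w'$).
The original derivation is as follows.
\[
\dfrac{\begin{array}{c}\Pi\\ (\epsilon, w \triangleright w); \Gamma[w/w']; x : \top^* \vdash \Delta[w/w']\end{array}}{(\epsilon, w' \triangleright w); \Gamma; x : \top^* \vdash \Delta}\;Eq_1
\]
By the induction hypothesis, we have the following derivation:
\[
\begin{array}{c}\Pi'\\ (\epsilon, w \triangleright w); \Gamma[w/w'][\epsilon/x] \vdash \Delta[w/w'][\epsilon/x]\end{array}
\]
Note that since $x$, $w$, $w'$ are all different, the end sequent is equal to the
following:
\[
(\epsilon, w \triangleright w); \Gamma[\epsilon/x][w/w'] \vdash \Delta[\epsilon/x][w/w']
\]
from which we can use the rule $Eq_1$ and derive $(\epsilon, w' \triangleright w); \Gamma[\epsilon/x] \vdash \Delta[\epsilon/x]$.

(b) $x = w$. The original derivation is as follows.
\[
\dfrac{\begin{array}{c}\Pi\\ (\epsilon, x \triangleright x); \Gamma[x/w']; x : \top^* \vdash \Delta[x/w']\end{array}}{(\epsilon, w' \triangleright x); \Gamma; x : \top^* \vdash \Delta}\;Eq_1
\]
By the Substitution Lemma, replacing every $x$ by $\epsilon$ in the premise of the
last rule, we get the following derivation:
\[
\begin{array}{c}\Pi'\\ (\epsilon, \epsilon \triangleright \epsilon); \Gamma[x/w'][\epsilon/x]; \epsilon : \top^* \vdash \Delta[x/w'][\epsilon/x]\end{array}
\]
The end sequent is equal to:
\[
(\epsilon, \epsilon \triangleright \epsilon); \Gamma[\epsilon/x][\epsilon/w']; \epsilon : \top^* \vdash \Delta[\epsilon/x][\epsilon/w']
\]
By Lemma 15, $\epsilon : \top^*$ in the antecedent can be omitted. Applying the $Eq_1$
rule on this sequent without $\epsilon : \top^*$, we finally get $(\epsilon, w' \triangleright \epsilon); \Gamma[\epsilon/x] \vdash$

(c) $x = w'$. The original derivation is as follows.
\[
\dfrac{\begin{array}{c}\Pi\\ (\epsilon, w \triangleright w); \Gamma[w/x]; w : \top^* \vdash \Delta[w/x]\end{array}}{(\epsilon, x \triangleright w); \Gamma; x : \top^* \vdash \Delta}\;Eq_1
\]
By the induction hypothesis, we have the following derivation:
\[
\begin{array}{c}\Pi'\\ (\epsilon, \epsilon \triangleright \epsilon); \Gamma[w/x][\epsilon/w] \vdash \Delta[w/x][\epsilon/w]\end{array}
\]
Now the end sequent is equal to:
\[
(\epsilon, \epsilon \triangleright \epsilon); \Gamma[\epsilon/x][\epsilon/w] \vdash \Delta[\epsilon/x][\epsilon/w]
\]
By using the rule $Eq_2$ on this sequent, we derive $(\epsilon, \epsilon \triangleright w); \Gamma[\epsilon/x] \vdash \Delta[\epsilon/x]$.
The case where the last rule is $Eq_2$ is similar to the case for $Eq_1$.
If the last rule is $\top^*L$, then the derivation of the premise of the last rule
yields the new derivation.

The invertibility of $Eq_1$ and $Eq_2$ follows from the Substitution Lemma, as
the reverse versions of these two rules are only about replacing labels. □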



A.5 Contraction admissibility of $LS_{BBI}$

Lemma 16. For all structures $\Gamma$, $\Delta$, and labelled formula $w : A$, the following
holds in $LS_{BBI}$:

1. If there is a cut-free derivation $\Pi$ of $\Gamma; w : A; w : A \vdash \Delta$, then there is a
cut-free derivation $\Pi'$ of $\Gamma; w : A \vdash \Delta$ with $ht(\Pi') \le ht(\Pi)$.

2. If there is a cut-free derivation $\Pi$ of $\Gamma \vdash w : A; w : A; \Delta$, then there is a
cut-free derivation $\Pi'$ of $\Gamma \vdash w : A; \Delta$ with $ht(\Pi') \le ht(\Pi)$.

Proof. By simultaneous induction on the height of derivations for the left and
right contraction. Let $n = ht(\Pi)$.

(Base case) If $n = 0$, the premise is one of the conclusions of $id$, $\bot L$, $\top R$ and
$\top^*R$, then the contracted sequent is also the conclusion of the corresponding
rules.

(Inductive case) If $n > 0$, consider the last rule applied to the premise of the
contraction.

(i) If the contracted formula is not principal in the last rule, then we can
apply the induction hypothesis on the premise(s) of the last rule, then use the
rule to get the derivation.

(ii) If the contracted formula is the principal formula of the last rule, we
have several cases. For the additive rules the cases are reduced to contraction on
smaller formulae, cf. [12].

For $\top^*L$, we have the following derivation:
\[
\dfrac{\begin{array}{c}\Pi\\ \Gamma[\epsilon/x]; \epsilon : \top^* \vdash \Delta[\epsilon/x]\end{array}}{\Gamma; x : \top^*; x : \top^* \vdash \Delta}\;\top^*L
\]
Note that the only case where $\top^*$ is useful on the left hand side is when it
is labelled with a world other than $\epsilon$. Since the substitution $[\epsilon/\epsilon]$ does not do
anything to the sequent, $\Pi$ can also be the derivation for $\Gamma[\epsilon/x] \vdash \Delta[\epsilon/x]$, cf.
Lemma 15, which leads to $\Gamma; x : \top^* \vdash \Delta$.

For $*R$ and ${-\!\!*}L$, we can apply the induction hypothesis directly on the
premise of the corresponding rule since the rules carry the principal formula into
the premise(s).

For $*L$, we have a derivation as follows.
\[
\dfrac{\begin{array}{c}\Pi\\ (x, y \triangleright z); \Gamma; z : A * B; x : A; y : B \vdash \Delta\end{array}}{\Gamma; z : A * B; z : A * B \vdash \Delta}\;*L
\]
Applying the Invertibility Theorem on the premise of $*L$, we have:
\[
\begin{array}{c}\Pi'\\ (x, y \triangleright z); (x', y' \triangleright z); \Gamma; x' : A; y' : B; x : A; y : B \vdash \Delta\end{array}
\]
The Substitution Lemma yields a derivation for $(x, y \triangleright z); (x, y \triangleright z); \Gamma; x : A; y :
B; x : A; y : B \vdash \Delta$. Apply the induction hypothesis twice and admissibility of
contraction on relational atoms on this sequent, to get a derivation for $(x, y \triangleright
z); \Gamma; x : A; y : B \vdash \Delta$. Apply $*L$ on this sequent to get $\Gamma; z : A * B \vdash \Delta$.

The case for ${-\!\!*}R$ follows similarly. We have a derivation as follows.
\[
\dfrac{\begin{array}{c}\Pi\\ (x, y \triangleright z); \Gamma; x : A \vdash z : B; y : A \mathbin{-\!\!*} B; \Delta\end{array}}{\Gamma \vdash y : A \mathbin{-\!\!*} B; y : A \mathbin{-\!\!*} B; \Delta}\;{-\!\!*}R
\]
The Invertibility of ${-\!\!*}R$ in the premise yields:
\[
\begin{array}{c}\Pi'\\ (x, y \triangleright z); (x', y \triangleright z'); \Gamma; x : A; x' : A \vdash z : B; z' : B; \Delta\end{array}
\]
We obtain $(x, y \triangleright z); (x, y \triangleright z); \Gamma; x : A; x : A \vdash z : B; z : B; \Delta$ by the
Substitution Lemma. Apply the induction hypothesis twice, and the admissibility
of contraction on relations on this sequent, to get $(x, y \triangleright z); \Gamma; x : A \vdash z : B; \Delta$.
Finally, apply ${-\!\!*}R$ to derive $\Gamma \vdash y : A \mathbin{-\!\!*} B; \Delta$ in the $n$th step. □



A.6 Cut elimination

The proof for Theorem 3.

Proof. By induction on the complexity of the proof in $LS_{BBI}$. We show that
each application of cut can either be eliminated, or be replaced by one or more
cut rules of less complexity. The argument for termination is similar to the
cut-elimination proof for G3ip [12]. We start to eliminate the topmost cut first, and
repeat this procedure until there is no cut in the derivation. We first show that
cut can be eliminated when the cut height is the lowest, i.e., at least one premise
is of height 1. Then we show that the cut height is reduced in all cases in which
the cut formula is not principal in both premises of cut. If the cut formula is
principal in both premises, then the cut is reduced to one or more cuts on smaller
formulae or shorter derivations. Since atoms cannot be principal in logical rules,
finally we can either reduce all cuts to the case where the cut formula is not
principal in both premises, or reduce those cuts on compound formulae until
their cut heights are minimal and then eliminate those cuts.
(Base case) If at least one premise of the cut rule is $id$, $\bot L$, $\top R$, or $\top^*R$, we
consider the following cases:

1. The left premise of cut is an application of $id$, and the cut formula is not
principal, then the derivation is transformed as follows.
\[
\dfrac{\dfrac{}{\Gamma; y : B \vdash y : B; x : A; \Delta}\;id \quad \begin{array}{c}\Pi\\ \Gamma'; x : A \vdash \Delta'\end{array}}{\Gamma; \Gamma'; y : B \vdash y : B; \Delta; \Delta'}\;cut
\quad\rightsquigarrow\quad
\dfrac{}{\Gamma; \Gamma'; y : B \vdash y : B; \Delta; \Delta'}\;id
\]
The same transformation works for $\bot L$, $\top R$, $\top^*R$ in this case.
2. The left premise of cut is an application of $id$, and the cut formula is principal,
then the derivation is transformed as follows.
\[
\dfrac{\dfrac{}{\Gamma; x : A \vdash x : A; \Delta}\;id \quad \begin{array}{c}\Pi\\ \Gamma'; x : A \vdash \Delta'\end{array}}{\Gamma; \Gamma'; x : A \vdash \Delta; \Delta'}\;cut
\quad\rightsquigarrow\quad
\dfrac{\begin{array}{c}\Pi\\ \Gamma'; x : A \vdash \Delta'\end{array}}{\Gamma; \Gamma'; x : A \vdash \Delta; \Delta'}\;\text{Theorem 2}
\]
3. The left premise of cut is an application of $\top R$, and the cut formula is
principal, then the derivation is transformed as follows.
\[
\dfrac{\dfrac{}{\Gamma \vdash x : \top; \Delta}\;\top R \quad \begin{array}{c}\Pi\\ \Gamma'; x : \top \vdash \Delta'\end{array}}{\Gamma; \Gamma' \vdash \Delta; \Delta'}\;cut
\quad\rightsquigarrow\quad
\dfrac{\begin{array}{c}\Pi'\\ \Gamma' \vdash \Delta'\end{array}}{\Gamma; \Gamma' \vdash \Delta; \Delta'}\;\text{Theorem 2}
\]
As $x : \top$ cannot be a principal formula in the antecedent, by Lemma 14
there is a derivation $\Pi'$ of $\Gamma' \vdash \Delta'$.
The same holds for $\top^*R$.

4. The right premise of cut is an application of $id$, $\bot L$, $\top R$ or $\top^*R$, and the
cut formula is not principal. This case is similar to case 1.

5. The right premise of cut is an application of $id$, and the cut formula is
principal. This case is similar to case 2.

6. The right premise of cut is an application of $\bot L$, and the cut formula is
principal. This case is similar to case 3.

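(Inductive case) If both premises are not in one of the base cases, we distinguish
three cases here: the cut formula is not principal in the left premise; the cut
formula is only principal in the left premise; and the cut formula is principal in
both premises.

1. The cut formula is not principal in the left premise. Suppose the left premise
ends with a rule $r$.

(a) If $r$ is $\top^*L$, w.l.o.g. we assume the label of the principal formula is $y$
(which might be equal to $x$). The original derivation is as follows.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi_1\\ \Gamma[\epsilon/y] \vdash x : A; \Delta[\epsilon/y]\end{array}}{\Gamma; y : \top^* \vdash x : A; \Delta}\;\top^*L \quad \begin{array}{c}\Pi_2\\ \Gamma'; x : A \vdash \Delta'\end{array}}{\Gamma; \Gamma'; y : \top^* \vdash \Delta; \Delta'}\;cut
\]
By the Substitution Lemma, there is a derivation $\Pi_2'$ of $\Gamma'[\epsilon/y]; x : A \vdash
\Delta'[\epsilon/y]$. Thus we can transform the derivation into the following:
\[
\dfrac{\dfrac{\begin{array}{c}\Pi_1\\ \Gamma[\epsilon/y] \vdash x : A; \Delta[\epsilon/y]\end{array} \quad \begin{array}{c}\Pi_2'\\ \Gamma'[\epsilon/y]; x : A \vdash \Delta'[\epsilon/y]\end{array}}{\Gamma[\epsilon/y]; \Gamma'[\epsilon/y] \vdash \Delta[\epsilon/y]; \Delta'[\epsilon/y]}\;cut}{\Gamma; \Gamma'; y : \top^* \vdash \Delta; \Delta'}\;\top^*L
\]
If $x = y$ in the original derivation, then the new derivation cuts on $\epsilon : A$
instead. As substitution is height preserving, the cut height in this case
is reduced as well.

(b) If $r$ is $Eq_1$, and the label $x$ of the principal formula is not equal to $w'$,
the original derivation is as follows.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi_1\\ (\epsilon, w \triangleright w); \Gamma[w/w'] \vdash x : A; \Delta[w/w']\end{array}}{(\epsilon, w' \triangleright w); \Gamma \vdash x : A; \Delta}\;Eq_1 \quad \begin{array}{c}\Pi_2\\ \Gamma'; x : A \vdash \Delta'\end{array}}{(\epsilon, w' \triangleright w); \Gamma; \Gamma' \vdash \Delta; \Delta'}\;cut
\]
This cut is reduced in the same way as the $\top^*L$ case, where we get $\Pi_2'$
from the Substitution Lemma:
\[
\dfrac{\dfrac{\begin{array}{c}\Pi_1\\ (\epsilon, w \triangleright w); \Gamma[w/w'] \vdash x : A; \Delta[w/w']\end{array} \quad \begin{array}{c}\Pi_2'\\ \Gamma'[w/w']; x : A \vdash \Delta'[w/w']\end{array}}{(\epsilon, w \triangleright w); \Gamma[w/w']; \Gamma'[w/w'] \vdash \Delta[w/w']; \Delta'[w/w']}\;cut}{(\epsilon, w' \triangleright w); \Gamma; \Gamma' \vdash \Delta; \Delta'}\;Eq_1
\]
If $x = w'$, then we cut on $w : A$ instead in the reduced version.

(c) If $r$ is $Eq_2$, the procedure follows similarly as the case for $Eq_1$ above.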

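(d) If $r$ is a unary inference except for $\top^*L$, $Eq_1$, and $Eq_2$, then the original
derivation is as follows.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi_1\\ \Gamma_1 \vdash x : A; \Delta_1\end{array}}{\Gamma \vdash x : A; \Delta}\;r \quad \begin{array}{c}\Pi_2\\ \Gamma'; x : A \vdash \Delta'\end{array}}{\Gamma; \Gamma' \vdash \Delta; \Delta'}\;cut
\]
Then we can delay the application of cut as follows.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi_1\\ \Gamma_1 \vdash x : A; \Delta_1\end{array} \quad \begin{array}{c}\Pi_2\\ \Gamma'; x : A \vdash \Delta'\end{array}}{\Gamma_1; \Gamma' \vdash \Delta_1; \Delta'}\;cut}{\Gamma; \Gamma' \vdash \Delta; \Delta'}\;r
\]
Note that as all our rules except $\top^*L$, $Eq_1$, and $Eq_2$ do not modify side
structures, $\Gamma'$ and $\Delta'$ in the premise of $r$ are not changed. The complexity
of the original cut is $(|x : A|, |\Pi_1| + 1 + |\Pi_2|)$, whereas the complexity of
the new cut is $(|x : A|, |\Pi_1| + |\Pi_2|)$, so the cut height reduces.
(e) If $r$ is a binary inference, we can transform the derivation similarly.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi_1\\ \Gamma_1 \vdash x : A; \Delta_1\end{array} \quad \begin{array}{c}\Pi_2\\ \Gamma_2 \vdash x : A; \Delta_2\end{array}}{\Gamma \vdash x : A; \Delta}\;r \quad \begin{array}{c}\Pi_3\\ \Gamma'; x : A \vdash \Delta'\end{array}}{\Gamma; \Gamma' \vdash \Delta; \Delta'}\;cut
\]
\[
\rightsquigarrow\quad
\dfrac{\dfrac{\begin{array}{c}\Pi_1\\ \Gamma_1 \vdash x : A; \Delta_1\end{array} \quad \begin{array}{c}\Pi_3\\ \Gamma'; x : A \vdash \Delta'\end{array}}{\Gamma_1; \Gamma' \vdash \Delta_1; \Delta'}\;cut \quad \dfrac{\begin{array}{c}\Pi_2\\ \Gamma_2 \vdash x : A; \Delta_2\end{array} \quad \begin{array}{c}\Pi_3\\ \Gamma'; x : A \vdash \Delta'\end{array}}{\Gamma_2; \Gamma' \vdash \Delta_2; \Delta'}\;cut}{\Gamma; \Gamma' \vdash \Delta; \Delta'}\;r
\]
The complexity of the original cut is $(|x : A|, \max(|\Pi_1|, |\Pi_2|) + 1 + |\Pi_3|)$,
and that of the new two cuts are $(|x : A|, |\Pi_1| + |\Pi_3|)$ and $(|x : A|, |\Pi_2| +
|\Pi_3|)$ respectively. Thus the cut heights are reduced.

2. The cut formula is only principal in the left premise. We only consider the
last rule in the right branch. The proof of this case is symmetric to those in
Case 1.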

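3. The cut formula is principal in both premises. We do a case analysis on the
main connective of the cut formula. If the main connective is additive, then
there is no need to substitute any labels.

For $\land$,
\[
\dfrac{\dfrac{\begin{array}{c}\Pi_1\\ \Gamma \vdash x : A; \Delta\end{array} \quad \begin{array}{c}\Pi_2\\ \Gamma \vdash x : B; \Delta\end{array}}{\Gamma \vdash x : A \land B; \Delta}\;\land R \quad \dfrac{\begin{array}{c}\Pi_3\\ \Gamma'; x : A; x : B \vdash \Delta'\end{array}}{\Gamma'; x : A \land B \vdash \Delta'}\;\land L}{\Gamma; \Gamma' \vdash \Delta; \Delta'}\;cut
\]
\[
\rightsquigarrow\quad
\dfrac{\dfrac{\begin{array}{c}\Pi_1\\ \Gamma \vdash x : A; \Delta\end{array} \quad \dfrac{\begin{array}{c}\Pi_2\\ \Gamma \vdash x : B; \Delta\end{array} \quad \begin{array}{c}\Pi_3\\ \Gamma'; x : A; x : B \vdash \Delta'\end{array}}{\Gamma; \Gamma'; x : A \vdash \Delta; \Delta'}\;cut}{\Gamma; \Gamma; \Gamma' \vdash \Delta; \Delta; \Delta'}\;cut}{\Gamma; \Gamma' \vdash \Delta; \Delta'}\;\text{Theorem El}
\]
For $\to$,
\[
\dfrac{\dfrac{\begin{array}{c}\Pi_1\\ \Gamma'; x : A \vdash x : B; \Delta'\end{array}}{\Gamma' \vdash x : A \to B; \Delta'}\;\to R \quad \dfrac{\begin{array}{c}\Pi_2\\ \Gamma \vdash x : A; \Delta\end{array} \quad \begin{array}{c}\Pi_3\\ \Gamma; x : B \vdash \Delta\end{array}}{\Gamma; x : A \to B \vdash \Delta}\;\to L}{\Gamma; \Gamma' \vdash \Delta; \Delta'}\;cut
\]
\[
\rightsquigarrow\quad
\dfrac{\dfrac{\begin{array}{c}\Pi_2\\ \Gamma \vdash x : A; \Delta\end{array} \quad \dfrac{\begin{array}{c}\Pi_1\\ \Gamma'; x : A \vdash x : B; \Delta'\end{array} \quad \begin{array}{c}\Pi_3\\ \Gamma; x : B \vdash \Delta\end{array}}{\Gamma; \Gamma'; x : A \vdash \Delta; \Delta'}\;cut}{\Gamma; \Gamma; \Gamma' \vdash \Delta; \Delta; \Delta'}\;cut}{\Gamma; \Gamma' \vdash \Delta; \Delta'}\;\text{Theorem El}
\]
For both $\land$ and $\to$, cut is reduced to applications on smaller formulae,
therefore the complexity of the cut reduces.

There is an asymmetry in the rules for $\top^*$. That is, the left rule for $\top^*$
requires that the label $w$ of $\top^*$ cannot be $\epsilon$, whereas the right rule for $\top^*$
restricts the label of $\top^*$ to be $\epsilon$ only. As a consequence, when the cut formula
is $\top^*$, it cannot be the principal formula of both premises at the same time.
Therefore the cases for $\top^*$ are handled in the proof above.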
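When the main connective of the cut formula is $*$ or ${-\!\!*}$, the case is more
complicated. For $*$, we have the following two derivations as the premises of
the cut rule:
\[
\dfrac{\begin{array}{c}\Pi_1\\ (x, y \triangleright z); \Gamma \vdash x : A; z : A * B; \Delta\end{array} \quad \begin{array}{c}\Pi_2\\ (x, y \triangleright z); \Gamma \vdash y : B; z : A * B; \Delta\end{array}}{(x, y \triangleright z); \Gamma \vdash z : A * B; \Delta}\;*R
\]
and
\[
\dfrac{\begin{array}{c}\Pi_3\\ (x', y' \triangleright z); \Gamma'; x' : A; y' : B \vdash \Delta'\end{array}}{\Gamma'; z : A * B \vdash \Delta'}\;*L
\]
And the cut rule gives the end sequent $(x, y \triangleright z); \Gamma; \Gamma' \vdash \Delta; \Delta'$. The
complexity of this cut is $(|A * B|, \max(|\Pi_1|, |\Pi_2|) + 1 + |\Pi_3| + 1)$.
We use several cuts with less complexity to derive $(x, y \triangleright z); \Gamma; \Gamma' \vdash \Delta; \Delta'$ as
follows.
Firstly,
\[
\dfrac{\begin{array}{c}\Pi_1\\ (x, y \triangleright z); \Gamma \vdash x : A; z : A * B; \Delta\end{array} \quad \dfrac{\begin{array}{c}\Pi_3\\ (x', y' \triangleright z); \Gamma'; x' : A; y' : B \vdash \Delta'\end{array}}{\Gamma'; z : A * B \vdash \Delta'}\;*L}{(x, y \triangleright z); \Gamma; \Gamma' \vdash x : A; \Delta; \Delta'}\;cut
\]
The complexity of this cut is $(|A * B|, |\Pi_1| + |\Pi_3| + 1)$, thus is less than the
original cut.

The second cut works similarly.
\[
\dfrac{\begin{array}{c}\Pi_2\\ (x, y \triangleright z); \Gamma \vdash y : B; z : A * B; \Delta\end{array} \quad \dfrac{\begin{array}{c}\Pi_3\\ (x', y' \triangleright z); \Gamma'; x' : A; y' : B \vdash \Delta'\end{array}}{\Gamma'; z : A * B \vdash \Delta'}\;*L}{(x, y \triangleright z); \Gamma; \Gamma' \vdash y : B; \Delta; \Delta'}\;cut
\]
The third cut works on a smaller formula.
\[
\dfrac{(x, y \triangleright z); \Gamma; \Gamma' \vdash x : A; \Delta; \Delta' \quad (x, y \triangleright z); \Gamma'; x : A; y : B \vdash \Delta'}{(x, y \triangleright z); (x, y \triangleright z); \Gamma; \Gamma'; \Gamma'; y : B \vdash \Delta; \Delta'; \Delta'}\;cut
\]
The cut formula is $x : A$, thus the complexity of this cut is less regardless of
the height of the derivations.

Note that in the $\Pi_3$ branch, the $*L$ rule requires that the relation $(x', y' \triangleright z)$
is newly created, so $x'$ and $y'$ cannot be $\epsilon$ and they cannot be in $\Gamma'$ or $\Delta'$.
Therefore we are allowed to use the Substitution Lemma to get a derivation
$\Pi_3'$ of $(x, y \triangleright z); \Gamma'; x : A; y : B \vdash \Delta'$ by just substituting $x'$ for $x$ and $y'$ for
$y$.

Finally we cut on another smaller formula $y : B$.
\[
\dfrac{(x, y \triangleright z); \Gamma; \Gamma' \vdash y : B; \Delta; \Delta' \quad (x, y \triangleright z); (x, y \triangleright z); \Gamma; \Gamma'; \Gamma'; y : B \vdash \Delta; \Delta'; \Delta'}{(x, y \triangleright z); (x, y \triangleright z); (x, y \triangleright z); \Gamma; \Gamma; \Gamma'; \Gamma'; \Gamma' \vdash \Delta; \Delta; \Delta'; \Delta'; \Delta'}\;cut
\]
The complexity of this cut is less than the original cut. We then apply the
admissibility of contraction to derive $(x, y \triangleright z); \Gamma; \Gamma' \vdash \Delta; \Delta'$.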

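The case for ${-\!\!*}$ is similar. The two premises in the original cut are as follows.
\[
\dfrac{\begin{array}{c}\Pi_1\\ (x', y \triangleright z'); \Gamma'; x' : A \vdash z' : B; \Delta'\end{array}}{\Gamma' \vdash y : A \mathbin{-\!\!*} B; \Delta'}\;{-\!\!*}R
\]
and
\[
\dfrac{\begin{array}{c}\Pi_2\\ (x, y \triangleright z); \Gamma; y : A \mathbin{-\!\!*} B \vdash x : A; \Delta\end{array} \quad \begin{array}{c}\Pi_3\\ (x, y \triangleright z); \Gamma; y : A \mathbin{-\!\!*} B; z : B \vdash \Delta\end{array}}{(x, y \triangleright z); \Gamma; y : A \mathbin{-\!\!*} B \vdash \Delta}\;{-\!\!*}L
\]
And the cut rule yields the end sequent $(x, y \triangleright z); \Gamma; \Gamma' \vdash \Delta; \Delta'$. We use two
cuts on the same formula, but with smaller derivation height.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi_1\\ (x', y \triangleright z'); \Gamma'; x' : A \vdash z' : B; \Delta'\end{array}}{\Gamma' \vdash y : A \mathbin{-\!\!*} B; \Delta'}\;{-\!\!*}R \quad \begin{array}{c}\Pi_2\\ (x, y \triangleright z); \Gamma; y : A \mathbin{-\!\!*} B \vdash x : A; \Delta\end{array}}{(x, y \triangleright z); \Gamma; \Gamma' \vdash x : A; \Delta; \Delta'}\;cut
\]
\[
\dfrac{\dfrac{\begin{array}{c}\Pi_1\\ (x', y \triangleright z'); \Gamma'; x' : A \vdash z' : B; \Delta'\end{array}}{\Gamma' \vdash y : A \mathbin{-\!\!*} B; \Delta'}\;{-\!\!*}R \quad \begin{array}{c}\Pi_3\\ (x, y \triangleright z); \Gamma; y : A \mathbin{-\!\!*} B; z : B \vdash \Delta\end{array}}{(x, y \triangleright z); \Gamma; \Gamma'; z : B \vdash \Delta; \Delta'}\;cut
\]
Then we cut on a smaller formula $x : A$.
\[
\dfrac{(x, y \triangleright z); \Gamma; \Gamma' \vdash x : A; \Delta; \Delta' \quad (x, y \triangleright z); \Gamma'; x : A \vdash z : B; \Delta'}{(x, y \triangleright z); (x, y \triangleright z); \Gamma; \Gamma'; \Gamma' \vdash z : B; \Delta; \Delta'; \Delta'}\;cut
\]
Again, in the original derivation, $x'$ and $z'$ are fresh in the premise of the ${-\!\!*}R$
rule, thus by the Substitution Lemma we can have a derivation $\Pi_1'$ of the
sequent $(x, y \triangleright z); \Gamma'; x : A \vdash z : B; \Delta'$, with $x'$ substituted to $x$ and $z'$
substituted to $z$.
Then we cut on $z : B$.
\[
\dfrac{(x, y \triangleright z); (x, y \triangleright z); \Gamma; \Gamma'; \Gamma' \vdash z : B; \Delta; \Delta'; \Delta' \quad (x, y \triangleright z); \Gamma; \Gamma'; z : B \vdash \Delta; \Delta'}{(x, y \triangleright z); (x, y \triangleright z); (x, y \triangleright z); \Gamma; \Gamma; \Gamma'; \Gamma'; \Gamma' \vdash \Delta; \Delta; \Delta'; \Delta'; \Delta'}\;cut
\]
In the end we use the theorem of admissibility of contraction to obtain the
required sequent $(x, y \triangleright z); \Gamma; \Gamma' \vdash \Delta; \Delta'$.

□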



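A.7 Permutation of structural rules in $LS_{BBI}$

Proof for Lemma 5.

Proof. To prove this lemma, we need to show that if a derivation involves the
structural rules, we can always apply them exactly before $*R$ and ${-\!\!*}L$, or before
zero-premise rules. We show this by an induction on the height of the derivation.
Since we do not permute structural rules through zero-premise rules, the proof in
the base case and the inductive step are essentially the same. Here we give some
examples of the permutations. Assuming the lemma holds up to any derivation
of height $n - 1$, consider a derivation of height $n$.

1. Permute the application of $Eq_1$ or $Eq_2$ through non-zero-premise logical rules
except for $*R$ and ${-\!\!*}L$. Here we give some examples; the rest are similar.
(a) Permuting $Eq_2$ through additive logical rules is trivial. This is exemplified
by $\land L$, assuming the label of the principal formula is modified by the
$Eq_2$ application. The original derivation is as follows.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi\\ (\epsilon, \epsilon \triangleright \epsilon); \Gamma[\epsilon/w]; \epsilon : A; \epsilon : B \vdash \Delta[\epsilon/w]\end{array}}{(\epsilon, \epsilon \triangleright \epsilon); \Gamma[\epsilon/w]; \epsilon : A \land B \vdash \Delta[\epsilon/w]}\;\land L}{(\epsilon, \epsilon \triangleright w); \Gamma; w : A \land B \vdash \Delta}\;Eq_2
\]
The derivation is changed to the following:
\[
\dfrac{\dfrac{\begin{array}{c}\Pi\\ (\epsilon, \epsilon \triangleright \epsilon); \Gamma[\epsilon/w]; \epsilon : A; \epsilon : B \vdash \Delta[\epsilon/w]\end{array}}{(\epsilon, \epsilon \triangleright w); \Gamma; w : A; w : B \vdash \Delta}\;Eq_2}{(\epsilon, \epsilon \triangleright w); \Gamma; w : A \land B \vdash \Delta}\;\land L
\]
(b) Permute $Eq_1$ through $\top^*L$, assuming the label of the principal formula is $w$.
The derivation is as follows.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi\\ (\epsilon, \epsilon \triangleright \epsilon); \Gamma[w/w'][\epsilon/w] \vdash \Delta[w/w'][\epsilon/w]\end{array}}{(\epsilon, w \triangleright w); \Gamma[w/w']; w : \top^* \vdash \Delta[w/w']}\;\top^*L}{(\epsilon, w' \triangleright w); \Gamma; w' : \top^* \vdash \Delta}\;Eq_1
\]
We modify the derivation as follows.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi\\ (\epsilon, \epsilon \triangleright \epsilon); \Gamma[\epsilon/w'][\epsilon/w] \vdash \Delta[\epsilon/w'][\epsilon/w]\end{array}}{(\epsilon, \epsilon \triangleright w); \Gamma[\epsilon/w'] \vdash \Delta[\epsilon/w']}\;Eq_2}{(\epsilon, w' \triangleright w); \Gamma; w' : \top^* \vdash \Delta}\;\top^*L
\]
Notice that the premises of the two derivations below $\Pi$ are exactly the
same. The application of $Eq_1$ in the original derivation is changed to an
application of $Eq_2$ in the modified derivation. However, this does not
break the proof, as the induction hypothesis ensures that either of them
can be permuted upwards.

Also, the label of the principal formula in the rule $\top^*L$ cannot be the one
that is replaced in the rule $Eq_2$ below it; this is the reason we do not
exemplify this situation using $Eq_2$.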
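(c) Permute $Eq_2$ through $*L$, assuming the label of the principal formula is $z$,
and it is modified by the $Eq_2$ application.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi\\ (x, y \triangleright \epsilon); (\epsilon, \epsilon \triangleright \epsilon); \Gamma[\epsilon/z]; x : A; y : B \vdash \Delta[\epsilon/z]\end{array}}{(\epsilon, \epsilon \triangleright \epsilon); \Gamma[\epsilon/z]; \epsilon : A * B \vdash \Delta[\epsilon/z]}\;*L}{(\epsilon, \epsilon \triangleright z); \Gamma; z : A * B \vdash \Delta}\;Eq_2
\]
Since $x$ and $y$ are fresh labels, they will not be affected by $Eq_2$. Thus
the derivation can be changed to the following:
\[
\dfrac{\dfrac{\begin{array}{c}\Pi\\ (x, y \triangleright \epsilon); (\epsilon, \epsilon \triangleright \epsilon); \Gamma[\epsilon/z]; x : A; y : B \vdash \Delta[\epsilon/z]\end{array}}{(x, y \triangleright z); (\epsilon, \epsilon \triangleright z); \Gamma; x : A; y : B \vdash \Delta}\;Eq_2}{(\epsilon, \epsilon \triangleright z); \Gamma; z : A * B \vdash \Delta}\;*L
\]
Since $Eq_1$ and $Eq_2$ only globally replace labels, their action can be safely
delayed through all the rules other than $*R$ and ${-\!\!*}L$. The applications
of these two rules after the last $*R$ or $*L$ will be delayed until the
zero-premise rule is necessary.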
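2. Permute the applications of $E$, $U$, $A$, and $A_C$ through non-zero-premise
logical rules other than $*R$ and ${-\!\!*}L$. Again, we give some examples; the
rest are similar.

(a) Permute $E$ through $\top^*L$, assuming the label of the principal formula is
$y$. The original derivation runs as follows.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi\\ (\epsilon, x \triangleright z); (x, \epsilon \triangleright z); \Gamma[\epsilon/y] \vdash \Delta[\epsilon/y]\end{array}}{(y, x \triangleright z); (x, y \triangleright z); \Gamma; y : \top^* \vdash \Delta}\;\top^*L}{(x, y \triangleright z); \Gamma; y : \top^* \vdash \Delta}\;E
\]
The new derivation is as follows.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi\\ (\epsilon, x \triangleright z); (x, \epsilon \triangleright z); \Gamma[\epsilon/y] \vdash \Delta[\epsilon/y]\end{array}}{(x, \epsilon \triangleright z); \Gamma[\epsilon/y] \vdash \Delta[\epsilon/y]}\;E}{(x, y \triangleright z); \Gamma; y : \top^* \vdash \Delta}\;\top^*L
\]
This shows that if the logical rule only does substitution, delaying the
application of structural rules makes no difference.
(b) Permute $U$ through $*L$, assuming the label of the principal formula is $z$.
The original derivation is as follows.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi\\ (x, y \triangleright z); (z, \epsilon \triangleright z); \Gamma; x : A; y : B \vdash \Delta\end{array}}{(z, \epsilon \triangleright z); \Gamma; z : A * B \vdash \Delta}\;*L}{\Gamma; z : A * B \vdash \Delta}\;U
\]
The new derivation is as follows.
\[
\dfrac{\dfrac{\begin{array}{c}\Pi\\ (z, \epsilon \triangleright z); (x, y \triangleright z); \Gamma; x : A; y : B \vdash \Delta\end{array}}{(x, y \triangleright z); \Gamma; z : A * B \vdash \Delta}}{\Gamma; z : A * B \vdash \Delta}\;*L
\]
Since the labels $x$ and $y$ are all fresh labels, it is safe to change the order
of rule applications as above.

Additive logical rules are totally independent of the relational atoms, so
those cases are similar to the one shown above, except that those rules
do not add relational atoms to the sequent.

□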



A. 8 Soundness of LS'^^j 

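Theorem 8. If there is a derivation $\Pi$ for a sequent $\Gamma \vdash \Delta$ in LS%gj, then
there is a derivation $\Pi'$ for the same sequent in $LS_{BBI}$.

Proof. By induction on the height $n$ of $\Pi$.

1. Base case: $n = 1$. In this case the only rule must be a zero-premise rule. If
the rule is $\bot L$ or $\top R$, then we can use the same rule in $LS_{BBI}$, since they
are the same. Otherwise, suppose the rule is $id$, then $\Pi$ reads as follows.
\[
\dfrac{\mathcal{G} \vdash_E (w_1 = w_2)}{\Gamma; w_1 : P \vdash w_2 : P; \Delta}\;id
\]
Since $\mathcal{G} \vdash_E (w_1 = w_2)$ is true, there is a sequence $\sigma$ of $Eq_1$, $Eq_2$ applications
such that $S(\mathcal{G}, \sigma)$ is defined and $w_1\theta = w_2\theta$, where $\theta = subst(\sigma)$. Therefore
we can construct $\Pi'$ as follows.
\[
\begin{array}{c}
\Gamma\theta; w_1\theta : P \vdash w_2\theta : P; \Delta\theta\\
\vdots\ \sigma\\
\Gamma; w_1 : P \vdash w_2 : P; \Delta
\end{array}
\]
If the rule is $\top^*R$, $\Pi$ is:



We construct $\Pi'$ similarly, as $w\theta = \epsilon$ after the application of $\sigma$.
\[
\begin{array}{c}
\vdots\ \sigma\\
\Gamma \vdash w : \top^*; \Delta
\end{array}
\]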



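Inductive cases: suppose every sequent that is derivable in LS'ggj with height
less than $n$ is also derivable in $LS_{BBI}$; consider a LS^qj derivation of height
$n$. We do a case analysis on the bottom rule in the derivation.

(a) If the rule is $\land L$, $\land R$, $\to L$, $\to R$, $*L$, ${-\!\!*}R$, $E$ or $U$, we can use the same
rule in $LS_{BBI}$, since nothing is changed.

(b) If the rule is $\top^*L$, then $\Pi$ must be the following:
\[
\dfrac{\begin{array}{c}\Pi_1\\ (\epsilon, w \triangleright \epsilon); \Gamma \vdash \Delta\end{array}}{\Gamma; w : \top^* \vdash \Delta}\;\top^*L
\]
By the induction hypothesis, $(\epsilon, w \triangleright \epsilon); \Gamma \vdash \Delta$ is derivable in $LS_{BBI}$.
Applying Lemma 1 (substitution for labels in $LS_{BBI}$) with $[\epsilon/w]$, we
obtain $(\epsilon, \epsilon \triangleright \epsilon); \Gamma[\epsilon/w] \vdash \Delta[\epsilon/w]$. Thus we construct $\Pi'$ as follows.
\[
\dfrac{\dfrac{(\epsilon, \epsilon \triangleright \epsilon); \Gamma[\epsilon/w] \vdash \Delta[\epsilon/w]}{(w, \epsilon \triangleright w); \Gamma; w : \top^* \vdash \Delta}}{\Gamma; w : \top^* \vdash \Delta}
\]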

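(c) If the rule is $*R$, $\Pi$ runs as follows.

\[
\begin{array}{cl}
\begin{array}{c}\Pi_1 \\ (x, y \triangleright z'); \Gamma \vdash x : A; z : A * B; \Delta\end{array} \qquad \begin{array}{c}\Pi_2 \\ (x, y \triangleright z'); \Gamma \vdash y : B; z : A * B; \Delta\end{array} & \\ \hline
(x, y \triangleright z'); \Gamma \vdash z : A * B; \Delta & *R
\end{array}
\]

The condition on the $*R$ rule is $\mathcal{G} \vdash_E (z = z')$. Let $\sigma$ be the sequence of $Eq_1$, $Eq_2$ applications such that $S(\mathcal{G}, \sigma)$ is defined and $z\theta = z'\theta$ holds, where $\theta = subst(\sigma)$. Also, applying the induction hypothesis on $\Pi_1$ and $\Pi_2$, we obtain the $LS_{BBI}$ derivations for each branch respectively. Then with the help of the Substitution lemma, we get two derivations as follows. Note that we use dashed lines when applying the Substitution lemmas.

\[
\begin{array}{c}
\Pi_1' \\
(x, y \triangleright z'); \Gamma \vdash x : A; z : A * B; \Delta \\
\text{- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -} \\
(x\theta, y\theta \triangleright z'\theta); \Gamma\theta \vdash x\theta : A; z\theta : A * B; \Delta\theta
\end{array}
\]

and

\[
\begin{array}{c}
\Pi_2' \\
(x, y \triangleright z'); \Gamma \vdash y : B; z : A * B; \Delta \\
\text{- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -} \\
(x\theta, y\theta \triangleright z'\theta); \Gamma\theta \vdash y\theta : B; z\theta : A * B; \Delta\theta
\end{array}
\]

Then we can apply $*R$ and obtain $(x\theta, y\theta \triangleright z'\theta); \Gamma \vdash z\theta : A * B; \Delta\theta$. Then by applying $\sigma$ we obtain the end sequent as follows.

\[
\begin{array}{cl}
(x\theta, y\theta \triangleright z'\theta); \Gamma \vdash z\theta : A * B; \Delta\theta & \\ \hline
(x, y \triangleright z'); \Gamma \vdash z : A * B; \Delta & \sigma
\end{array}
\]

The case for ${-\!*}L$ is treated similarly.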
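(d) If the rule is $A$, the treatment for the equality entailment is the same. $\Pi$ is in the following form:

\[
\begin{array}{cl}
\Pi_1 & \\
(u, w \triangleright z); (y, v \triangleright w); (x, y \triangleright z); (u, v \triangleright x'); \Gamma \vdash \Delta \qquad \mathcal{G} \vdash_E (x = x') & \\ \hline
(x, y \triangleright z); (u, v \triangleright x'); \Gamma \vdash \Delta & A
\end{array}
\]

Let $S(\mathcal{G}, \sigma)$ yield $x\theta = x'\theta$, where $\theta = subst(\sigma)$; we obtain $\Pi'$ as follows.

\[
\begin{array}{cl}
\Pi_1' & \\
(u, w \triangleright z); (y, v \triangleright w); (x, y \triangleright z); (u, v \triangleright x'); \Gamma \vdash \Delta & \\
\text{- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -} & \\
(u\theta, w\theta \triangleright z\theta); (y\theta, v\theta \triangleright w\theta); (x\theta, y\theta \triangleright z\theta); (u\theta, v\theta \triangleright x'\theta); \Gamma\theta \vdash \Delta\theta & \\ \hline
(x\theta, y\theta \triangleright z\theta); (u\theta, v\theta \triangleright x'\theta); \Gamma\theta \vdash \Delta\theta & A \\ \hline
(x, y \triangleright z); (u, v \triangleright x'); \Gamma \vdash \Delta & \sigma
\end{array}
\]

The case for $A_C$ is similar.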

□ 



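A.9 Completeness of $LS^e_{BBI}$

To prove the completeness of $LS^e_{BBI}$, firstly we add $Eq_1$ and $Eq_2$ in $LS^e_{BBI}$ and show that the resultant system has the same power as $LS_{BBI}$. Then we prove the admissibility of $Eq_1$ and $Eq_2$ in $LS^e_{BBI}$.

Lemma 17. If a sequent $\Gamma \vdash \Delta$ is derivable in $LS_{BBI}$, then it is derivable in $LS^e_{BBI} + Eq_1 + Eq_2$.

Proof. By induction on the height of the $LS_{BBI}$ derivation. Since with $Eq_1$ and $Eq_2$ most of the other rules become identical, the only non-trivial case is $\top^* L$. In $LS_{BBI}$, the derivation runs as follows.

\[
\begin{array}{cl}
\Pi & \\
\Gamma[\epsilon/w] \vdash \Delta[\epsilon/w] & \\ \hline
\Gamma; w : \top^* \vdash \Delta & \top^* L
\end{array}
\]

By the induction hypothesis, there is a derivation for $\Gamma[\epsilon/w] \vdash \Delta[\epsilon/w]$ in $LS^e_{BBI} + Eq_1 + Eq_2$. Therefore we construct the derivation as follows.

\[
\begin{array}{c}
\Pi' \\
\Gamma[\epsilon/w] \vdash \Delta[\epsilon/w] \\ \hline
(\epsilon, \epsilon \triangleright \epsilon); \Gamma[\epsilon/w] \vdash \Delta[\epsilon/w] \\ \hline
(\epsilon, w \triangleright \epsilon); \Gamma \vdash \Delta
\end{array}
\]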

□ 

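Lemma 18. If $\mathcal{G}[x/y]; (\epsilon, x \triangleright x) \vdash_E (w_1[x/y] = w_2[x/y])$ then $\mathcal{G}; (\epsilon, y \triangleright x) \vdash_E (w_1 = w_2)$.

Proof. Let $\mathcal{G}' = \mathcal{G}; (\epsilon, y \triangleright x)$ and let $S(\mathcal{G}'[x/y], \sigma)$ yield $(w_1[x/y]\theta = w_2[x/y]\theta)$. We show that $\mathcal{G}' \vdash_E (x = y)$ by the following:

\[
\begin{array}{c}
\mathcal{G}'[x/y]\theta \vdash_E (w_1[x/y]\theta = w_2[x/y]\theta) \\ \hline
\mathcal{G}'[x/y] \vdash_E (w_1[x/y] = w_2[x/y]) \\ \hline
(\epsilon, y \triangleright x) \vdash_E (x = y)
\end{array}
\]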

□ 

Now we show that $Eq_1$ is admissible in $LS^e_{BBI}$.

Lemma 19. If $(\epsilon, x \triangleright x); \Gamma[x/y] \vdash \Delta[x/y]$ is derivable in $LS^e_{BBI}$, then $(\epsilon, y \triangleright x); \Gamma \vdash \Delta$ is derivable in $LS^e_{BBI}$.

Proof. We show that $Eq_1$ can always permute up through all other rules, and eventually disappear when it hits the zero-premise rule. Since Lemma 6 is sufficient to show the permutations through negative rules, here we particularly show the cases for positive rules.

1. First let us show the cases for the zero-premise rules. $\bot L$ and $\top R$ are trivial, as they are applicable for an arbitrary label. The permutation for $id$ runs as follows, where $\mathcal{G}$ is the set of relational atoms in $(\epsilon, y \triangleright x); \Gamma$.

\[
\begin{array}{cl}
\mathcal{G}[x/y] \vdash_E (w_1[x/y] = w_2[x/y]) & \\ \hline
(\epsilon, x \triangleright x); \Gamma[x/y]; w_1[x/y] : P \vdash w_2[x/y] : P; \Delta & id \\ \hline
(\epsilon, y \triangleright x); \Gamma; w_1 : P \vdash w_2 : P; \Delta & Eq_1
\end{array}
\]

By Lemma 18, if $\mathcal{G}[x/y] \vdash_E (w_1[x/y] = w_2[x/y])$ then $\mathcal{G} \vdash_E (w_1 = w_2)$ (note that this is because $(\epsilon, y \triangleright x) \in \mathcal{G}$). Therefore we can apply $id$ directly on the bottom sequent, and eliminate the $Eq_1$ application.

The case for $\top^* R$ is treated similarly. As we have shown, structural rules can permute through $\top^* L$, $\land L$, $\land R$, $\to L$, $\to R$, $*L$ and ${-\!*}R$, so these cases are left out here.

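2. Permute $Eq_1$ through $E$, assuming the label being replaced is $y$. The original derivation is as follows.

\[
\begin{array}{cl}
\Pi & \\
(w, x \triangleright z); (x, w \triangleright z); (\epsilon, w \triangleright w); \Gamma[w/y] \vdash \Delta[w/y] & \\ \hline
(x, w \triangleright z); (\epsilon, w \triangleright w); \Gamma[w/y] \vdash \Delta[w/y] & E \\ \hline
(x, y \triangleright z); (\epsilon, y \triangleright w); \Gamma \vdash \Delta & Eq_1
\end{array}
\]

The permuted derivation is as follows.

\[
\begin{array}{cl}
\Pi & \\
(w, x \triangleright z); (x, w \triangleright z); (\epsilon, w \triangleright w); \Gamma[w/y] \vdash \Delta[w/y] & \\ \hline
(y, x \triangleright z); (x, y \triangleright z); (\epsilon, y \triangleright w); \Gamma \vdash \Delta & Eq_1 \\ \hline
(x, y \triangleright z); (\epsilon, y \triangleright w); \Gamma \vdash \Delta & E
\end{array}
\]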

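3. Permute $Eq_1$ through $U$, assuming the replaced label is $x$. Then the derivation runs as follows.

\[
\begin{array}{cl}
\Pi & \\
(w, \epsilon \triangleright w); (\epsilon, w \triangleright w); \Gamma[w/x] \vdash \Delta[w/x] & \\ \hline
(\epsilon, w \triangleright w); \Gamma[w/x] \vdash \Delta[w/x] & U \\ \hline
(\epsilon, x \triangleright w); \Gamma \vdash \Delta & Eq_1
\end{array}
\]

We modify the derivation as follows.

\[
\begin{array}{cl}
\Pi & \\
(w, \epsilon \triangleright w); (\epsilon, w \triangleright w); \Gamma[w/x] \vdash \Delta[w/x] & \\ \hline
(x, \epsilon \triangleright x); (\epsilon, x \triangleright w); \Gamma \vdash \Delta & Eq_1 \\ \hline
(\epsilon, x \triangleright w); \Gamma \vdash \Delta & U
\end{array}
\]

Note that we can also generate $(w, \epsilon \triangleright w)$ directly using the $U$ rule, but the effect is the same.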

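4. Permute $Eq_1$ through $*R$. Suppose the principal relational atom of $Eq_1$ is not the same as the one used in $*R$, and let $\mathcal{G}$ be the set of relational atoms in $(\epsilon, w \triangleright w'); (x, y \triangleright z'); \Gamma$; the derivation runs as follows. Here we write $(\Gamma \vdash \Delta)[x/y]$ to mean that every $y$ is replaced by $x$ in the entire sequent. The equality entailment is $\mathcal{G}[w'/w] \vdash_E (z[w'/w] = z'[w'/w])$ (to save space, we do not write the constraint in the derivation).

\[
\begin{array}{cl}
((\epsilon, w' \triangleright w'); (x, y \triangleright z'); \Gamma \vdash z : A * B; \Delta)[w'/w] & \\ \hline
(\epsilon, w \triangleright w'); (x, y \triangleright z'); \Gamma \vdash z : A * B; \Delta & Eq_1
\end{array}
\]

The two premises of the $*R$ rule application are listed below.

\[
\begin{array}{c}
((\epsilon, w' \triangleright w'); (x, y \triangleright z'); \Gamma \vdash x : A; z : A * B; \Delta)[w'/w] \\
((\epsilon, w' \triangleright w'); (x, y \triangleright z'); \Gamma \vdash y : B; z : A * B; \Delta)[w'/w]
\end{array}
\]

By Lemma 18, since $\mathcal{G}[w'/w] \vdash_E (z[w'/w] = z'[w'/w])$, and $(\epsilon, w \triangleright w') \in \mathcal{G}$, $\mathcal{G} \vdash_E (z = z')$ holds. Therefore we have the following two derivations:

\[
\begin{array}{cl}
((\epsilon, w' \triangleright w'); (x, y \triangleright z'); \Gamma \vdash x : A; z : A * B; \Delta)[w'/w] & \\ \hline
(\epsilon, w \triangleright w'); (x, y \triangleright z'); \Gamma \vdash x : A; z : A * B; \Delta & Eq_1
\end{array}
\]

and

\[
\begin{array}{cl}
((\epsilon, w' \triangleright w'); (x, y \triangleright z'); \Gamma \vdash y : B; z : A * B; \Delta)[w'/w] & \\ \hline
(\epsilon, w \triangleright w'); (x, y \triangleright z'); \Gamma \vdash y : B; z : A * B; \Delta & Eq_1
\end{array}
\]

Then we use the $*R$ rule, where the equality entailment is $\mathcal{G} \vdash_E (z = z')$, to obtain the end sequent $(\epsilon, w \triangleright w'); (x, y \triangleright z'); \Gamma \vdash z : A * B; \Delta$. If the principal relational atom is used in the $*R$ rule, the permutation is analogous. The permutation through ${-\!*}L$ is similar.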
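5. Permutation through $A$. We show the case where the principal relational atom in $Eq_1$ is not in $A$; the other cases are similar. The original derivation is as follows.

\[
\begin{array}{cl}
((\epsilon, w \triangleright w); (u, w \triangleright z); (y, v \triangleright w); (x, y \triangleright z); (u, v \triangleright x'); \Gamma \vdash \Delta)[w/w'] & \\ \hline
((\epsilon, w \triangleright w); (x, y \triangleright z); (u, v \triangleright x'); \Gamma \vdash \Delta)[w/w'] & A \\ \hline
(\epsilon, w' \triangleright w); (x, y \triangleright z); (u, v \triangleright x'); \Gamma \vdash \Delta & Eq_1
\end{array}
\]

The condition on the $A$ rule is $\mathcal{G}[w/w'] \vdash_E (x[w/w'] = x'[w/w'])$. By Lemma 18, $\mathcal{G} \vdash_E (x = x')$ holds. Therefore the derivation is transformed into the following:

\[
\begin{array}{cl}
((\epsilon, w' \triangleright w); (u, w \triangleright z); (y, v \triangleright w); (x, y \triangleright z); (u, v \triangleright x'); \Gamma \vdash \Delta)[w/w'] & \\ \hline
(\epsilon, w' \triangleright w); (u, w \triangleright z); (y, v \triangleright w); (x, y \triangleright z); (u, v \triangleright x'); \Gamma \vdash \Delta & Eq_1 \\ \hline
(\epsilon, w' \triangleright w); (x, y \triangleright z); (u, v \triangleright x'); \Gamma \vdash \Delta & A
\end{array}
\]

The condition on the $A$ rule is $\mathcal{G} \vdash_E (x = x')$. $A_C$ is treated similarly. □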

Lemma 20. If $(\epsilon, y \triangleright y); \Gamma[y/x] \vdash \Delta[y/x]$ is derivable in $LS^e_{BBI}$, then $(\epsilon, y \triangleright x); \Gamma \vdash \Delta$ is derivable in $LS^e_{BBI}$.

Proof. Symmetric to the proof in Lemma 19. □

Theorem 9. If a sequent is derivable in $LS_{BBI}$, then it is also derivable in $LS^e_{BBI}$.

Proof. Immediate by Lemmas 17, 19 and 20. □

A.10 Substitution lemma for $LS^e_{BBI}$

This section proves the substitution lemma for the intermediate system $LS^e_{BBI}$, as this will be used in some proofs.

Lemma 21. If $\mathcal{G} \vdash_E (x = y)$ then for any substitution $[s/t]$, where $t \neq \epsilon$, $\mathcal{G}[s/t] \vdash_E (x[s/t] = y[s/t])$.

Proof. Let $(\mathcal{G}, \sigma, \phi)$ be the solution to $\mathcal{G} \vdash_E (x = y)$; we prove this lemma by induction on the length of $\sigma$.

1. Base case, $\sigma$ is an empty sequence. In this case, the sequence of substitutions $\phi$ is also empty, therefore $x = y$. As a result, it must be the case that $x[s/t] = y[s/t]$, so $\mathcal{G}[s/t] \vdash_E (x[s/t] = y[s/t])$ trivially holds.

2. Inductive case, assume $|\sigma| = n$. Let us look at the first rule application in $\sigma$. Assume this rule is $Eq_1$ (the case for $Eq_2$ is symmetric), and the principal relational atom is $(\epsilon, u \triangleright v)$; then $\sigma$ is as follows.

\[
\begin{array}{cl}
\mathcal{G}\phi \vdash_E (x\phi = y\phi) & \\
\vdots & \sigma' \\
\mathcal{G}'[v/u]; (\epsilon, v \triangleright v) \vdash_E (x[v/u] = y[v/u]) & \\ \hline
\mathcal{G}'; (\epsilon, u \triangleright v) \vdash_E (x = y) & Eq_1
\end{array}
\]

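(a) If $u = t$ and $v = s$, then the premise of the last rule application is already what we need.

(b) If $u = t$ and $v \neq s$, we obtain the desired entailment as follows ($IH[x/y]$ stands for applying the induction hypothesis with the substitution $[x/y]$; we use a double line to mean that the premise and the conclusion are equivalent).

\[
\begin{array}{c}
IH[v/s] \\ \hline
\mathcal{G}'[v/u][v/s]; (\epsilon, v \triangleright v) \vdash_E (x[v/u][v/s] = y[v/u][v/s]) \\ \hline\hline
\mathcal{G}'[s/u][v/s]; (\epsilon, v \triangleright v) \vdash_E (x[s/u][v/s] = y[s/u][v/s]) \\ \hline
\mathcal{G}'[s/u]; (\epsilon, s \triangleright v) \vdash_E (x[s/u] = y[s/u])
\end{array}
\]

(c) If $u = s$, we prove the substituted entailment as follows.

\[
\begin{array}{c}
IH[v/t] \\ \hline
\mathcal{G}'[v/u][v/t]; (\epsilon, v \triangleright v) \vdash_E (x[v/u][v/t] = y[v/u][v/t]) \\ \hline\hline
\mathcal{G}'[u/t][v/u]; (\epsilon, v \triangleright v) \vdash_E (x[u/t][v/u] = y[u/t][v/u]) \\ \hline
\mathcal{G}'[u/t]; (\epsilon, u \triangleright v) \vdash_E (x[u/t] = y[u/t])
\end{array}
\]

Note that under this case if $v = t$, the proof is just a special case of the one above.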

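(d) If $v = t$, the case is shown below.

\[
\begin{array}{c}
IH[s/v] \\ \hline
\mathcal{G}'[v/u][s/v]; (\epsilon, s \triangleright s) \vdash_E (x[v/u][s/v] = y[v/u][s/v]) \\ \hline\hline
\mathcal{G}'[s/v][s/u]; (\epsilon, s \triangleright s) \vdash_E (x[s/v][s/u] = y[s/v][s/u]) \\ \hline
\mathcal{G}'[s/v]; (\epsilon, u \triangleright s) \vdash_E (x[s/v] = y[s/v])
\end{array}
\]

(e) If $v = s$, the proof is as follows.

\[
\begin{array}{c}
IH[v/t] \\ \hline
\mathcal{G}'[v/u][v/t]; (\epsilon, v \triangleright v) \vdash_E (x[v/u][v/t] = y[v/u][v/t]) \\ \hline\hline
\mathcal{G}'[v/t][v/u]; (\epsilon, v \triangleright v) \vdash_E (x[v/t][v/u] = y[v/t][v/u]) \\ \hline
\mathcal{G}'[v/t]; (\epsilon, u \triangleright v) \vdash_E (x[v/t] = y[v/t])
\end{array}
\]

(f) If $[s/t]$ and $[u/v]$ are independent, then we can switch the order of substitution, and derive the entailment as follows.

\[
\begin{array}{c}
IH[s/t] \\ \hline
\mathcal{G}'[v/u][s/t]; (\epsilon, v \triangleright v) \vdash_E (x[v/u][s/t] = y[v/u][s/t]) \\ \hline\hline
\mathcal{G}'[s/t][v/u]; (\epsilon, v \triangleright v) \vdash_E (x[s/t][v/u] = y[s/t][v/u]) \\ \hline
\mathcal{G}'[s/t]; (\epsilon, u \triangleright v) \vdash_E (x[s/t] = y[s/t])
\end{array}
\]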

□ 

Since substitution does not break the equality entailment, we can show a substitution lemma for the system $LS^e_{BBI}$.

Lemma 22 (Substitution in $LS^e_{BBI}$). If there is a derivation for the sequent $\Gamma \vdash \Delta$ in $LS^e_{BBI}$ then there is a derivation of the same height for the sequent $\Gamma[y/x] \vdash \Delta[y/x]$ in $LS^e_{BBI}$, where every occurrence of label $x$ ($x \neq \epsilon$) is replaced by label $y$.

Proof. The proof is basically the same as the one for $LS_{BBI}$, since there are a lot of common rules. For the rules that are changed, the case for $\top^* L$ is similar to those cases for additive rules. The proofs for the rest of the changed rules are straightforward with the help of Lemma 21. □



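A.11 Soundness of $LS^{sf}_{BBI}$

Theorem 10. If there is a derivation $\Pi$ for a sequent $\mathcal{G} \| \Gamma \vdash \Delta$ in $LS^{sf}_{BBI}$, then there is a derivation $\Pi'$ for the sequent $\mathcal{G}; \Gamma \vdash \Delta$ in $LS^e_{BBI}$.

Proof. The soundness proof for this system is rather straightforward. To prove this, we show that each rule in $LS^{sf}_{BBI}$ can be simulated in $LS^e_{BBI}$. To do this, one just needs to unfold the structural rule applications into the derivation. For instance, we can simulate the $id$ rule in $LS^{sf}_{BBI}$ by using the following rules in $LS^e_{BBI}$.

\[
\begin{array}{cl}
S(\mathcal{G}, \sigma) \vdash_E (w_1 = w_2) & \\ \hline
S(\mathcal{G}, \sigma); \Gamma; w_1 : P \vdash w_2 : P; \Delta & id \\ \hline
\mathcal{G}; \Gamma; w_1 : P \vdash w_2 : P; \Delta & \sigma
\end{array}
\]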

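The above works because the $id$ rule in $LS^{sf}_{BBI}$ requires $\mathcal{G} \vdash_R (w_1 = w_2)$, which by definition ensures that $S(\mathcal{G}, \sigma) \vdash_E (w_1 = w_2)$ holds. The case for $\top^* R$ works similarly. One thing to notice is that structural rules only add relational atoms into the current set, so except that $\mathcal{G}$ becomes a bigger set, all the other structures in the sequent remain the same after the sequence $\sigma$ of applications. Let us examine the simulation of $*R$ in $LS^e_{BBI}$.

\[
\begin{array}{cl}
S(\mathcal{G}, \sigma); \Gamma \vdash x' : A; w : A * B; \Delta \qquad S(\mathcal{G}, \sigma); \Gamma \vdash y' : B; w : A * B; \Delta & \\ \hline
S(\mathcal{G}, \sigma); \Gamma \vdash w : A * B; \Delta & *R \\ \hline
\mathcal{G}; \Gamma \vdash w : A * B; \Delta & \sigma
\end{array}
\]

The condition of the $*R$ rule is $S(\mathcal{G}, \sigma) \vdash_E (w = w')$. The $LS^{sf}_{BBI}$ rule requires $\mathcal{G} \vdash_R (x, y \triangleright w)$, which by definition ensures that there is a solution $(\mathcal{G}, \sigma)$ such that $(x', y' \triangleright w') \in S(\mathcal{G}, \sigma)$, and the following holds:

\[
\begin{array}{c}
S(\mathcal{G}, \sigma) \vdash_E (x = x') \\
S(\mathcal{G}, \sigma) \vdash_E (y = y') \\
S(\mathcal{G}, \sigma) \vdash_E (w = w')
\end{array}
\]

The last relation entailment is enough to guarantee that the $*R$ rule is applicable. To restore each branch, we need Lemma 22 (Substitution lemma for $LS^e_{BBI}$). Here we use a double line to indicate that the premise and the conclusion are equivalent. Let us look at the left branch. By the first relation entailment, there is a sequence $\sigma'$ of $Eq_1$, $Eq_2$ applications so that $x\theta = x'\theta$. Therefore we can construct a proof for the left branch as follows.

\[
\begin{array}{c}
S(\mathcal{G}, \sigma); \Gamma \vdash x : A; w : A * B; \Delta \\
\text{- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -} \\
S(\mathcal{G}, \sigma)\theta; \Gamma\theta \vdash x\theta : A; w\theta : A * B; \Delta\theta \\ \hline\hline
S(\mathcal{G}, \sigma)\theta; \Gamma\theta \vdash x'\theta : A; w\theta : A * B; \Delta\theta \\ \hline
S(\mathcal{G}, \sigma); \Gamma \vdash x' : A; w : A * B; \Delta
\end{array}
\]

The case for ${-\!*}L$ is analogous. The rest of the rules are the same as in $LS^e_{BBI}$, thus we conclude that the rules in $LS^{sf}_{BBI}$ are sound. □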



A.12 Completeness of $LS^{sf}_{BBI}$

The completeness proof runs the same as in $LS^e_{BBI}$: if we add the structural rules $E$, $U$, $A$, $A_C$ in $LS^{sf}_{BBI}$, then it becomes a superset of $LS^e_{BBI}$. Then we prove that these rules are admissible in $LS^{sf}_{BBI}$ by showing they can permute through $*R$, ${-\!*}L$, $id$, and $\top^* R$.

First of all, let us show that when we add $E$, $U$, $A$, $A_C$ (from $LS^e_{BBI}$) to $LS^{sf}_{BBI}$, its rules can simulate those in $LS^e_{BBI}$. As most of the rules are identical, the key part is to show that the relation entailment is as powerful as the equality entailment. This is "built-in" the definition, so there is no surprise.

Lemma 23. If $\mathcal{G} \vdash_E (w_1 = w_2)$, then $\mathcal{G} \vdash_R (w_1 = w_2)$.

Proof. Let $\sigma$ be an empty list of rule applications, then $S(\mathcal{G}, \sigma) = \mathcal{G}$. Therefore by definition $\mathcal{G} \vdash_R (w_1 = w_2)$. □

If we change $\vdash_R$ to $\vdash_E$ in $LS^{sf}_{BBI}$, every rule is the same as the one in $LS^e_{BBI}$. Therefore $LS^{sf}_{BBI} + E + U + A + A_C$ is at least as powerful as $LS^e_{BBI}$.

Lemma 24. The rules $E$, $U$, $A$, and $A_C$ are admissible in $LS^{sf}_{BBI}$.

Proof. We show that the said rules can permute upwards through $id$, $\top^* R$, $*R$ and ${-\!*}L$; the other cases are covered by Lemma 5. We only give some examples here; the others are similar. The heart of the argument is that the applications of structural rules are hidden inside the relation entailment, so we do not have to apply them explicitly.

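Permute $E$ through $id$. Suppose the original derivation runs as follows.

\[
\begin{array}{cl}
\mathcal{G}; (y, x \triangleright z); (x, y \triangleright z) \vdash_R (w_1 = w_2) & \\ \hline
\mathcal{G}; (y, x \triangleright z); (x, y \triangleright z) \| \Gamma; w_1 : P \vdash w_2 : P; \Delta & id \\ \hline
\mathcal{G}; (x, y \triangleright z) \| \Gamma; w_1 : P \vdash w_2 : P; \Delta & E
\end{array}
\]

The permuted derivation is:

\[
\begin{array}{cl}
\mathcal{G}; (x, y \triangleright z) \vdash_R (w_1 = w_2) & \\ \hline
\mathcal{G}; (x, y \triangleright z) \| \Gamma; w_1 : P \vdash w_2 : P; \Delta & id
\end{array}
\]

Assume $\mathcal{G}; (y, x \triangleright z); (x, y \triangleright z) \vdash_R (w_1 = w_2)$ is derived by applying a sequence $\sigma$ of structural rules. Then $S((\mathcal{G}; (x, y \triangleright z)), \sigma')$ can prove $\mathcal{G}; (x, y \triangleright z) \vdash_R (w_1 = w_2)$, where $\sigma'$ is $E(\{(x, y \triangleright z)\}, \emptyset)$ followed by $\sigma$. That is, the application of $E$ is absorbed in $\vdash_R$.

Permute $A$ through $id$; the argument is similar. The original derivation is:

\[
\begin{array}{cl}
\mathcal{G}; (u, w \triangleright z); (y, v \triangleright w); (x, y \triangleright z); (u, v \triangleright x') \vdash_R (w_1 = w_2) & \\ \hline
\mathcal{G}; (u, w \triangleright z); (y, v \triangleright w); (x, y \triangleright z); (u, v \triangleright x') \| \Gamma; w_1 : P \vdash w_2 : P; \Delta & id \\ \hline
\mathcal{G}; (x, y \triangleright z); (u, v \triangleright x') \| \Gamma; w_1 : P \vdash w_2 : P; \Delta & A
\end{array}
\]

The condition on the rule $A$ is $\mathcal{G}; (x, y \triangleright z); (u, v \triangleright x') \vdash_E (x = x')$. Then we can omit the application of $A$, since $\mathcal{G}; (u, w \triangleright z); (y, v \triangleright w); (x, y \triangleright z); (u, v \triangleright x') \vdash_R (w_1 = w_2)$ implies $\mathcal{G}; (x, y \triangleright z); (u, v \triangleright x') \vdash_R (w_1 = w_2)$: one just needs to add the $A$ application ahead of the sequence of structural rules that derives the former relation entailment to get a new sequence of rules that derives the latter one. □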

A.13 Soundness of $FVLS_{BBI}$

Proof of Theorem 6.

Proof. By induction on the height $n$ of derivation $\Pi$.

1. Base case: $n = 1$. In this case, we can only use a zero-premise rule to prove the sequent. Since the sequent is ground, there are no free variables. Thus the constraint generated by the rule application is a simple constraint, of the form $\mathcal{G} \vdash_R (a = b)$ or $\mathcal{G} \vdash_R (a = \epsilon)$. A solution of this constraint is simply a derivation $\sigma$ of $\mathcal{G} \vdash_R (a = b)$ (resp. $\mathcal{G} \vdash_R (a = \epsilon)$). In either case, this translates straightforwardly into a derivation in $LS^{sf}_{BBI}$ with the same rule.

2. Inductive case: $n > 1$. This can be done by a case analysis of the last rule application in $\Pi$. We demonstrate the case for $*R$, where a constraint is generated. The case for ${-\!*}L$ is analogous, and the other cases are easy since we can use the induction hypothesis directly. Suppose $\Pi$ runs as follows.

\[
\begin{array}{cl}
\begin{array}{c}\Pi_1 \\ \mathcal{G} \| \Gamma \vdash x : A; w : A * B; \Delta\end{array} \qquad \begin{array}{c}\Pi_2 \\ \mathcal{G} \| \Gamma \vdash y : B; w : A * B; \Delta\end{array} & \\ \hline
\mathcal{G} \| \Gamma \vdash w : A * B; \Delta & *R
\end{array}
\]

Suppose $C(\Pi) = (\{c_1, \ldots, c_k\}, \preceq)$, for some $k \geq 1$. Suppose that the constraint generated by this rule application is $\mathcal{G} \vdash_R (x, y \triangleright w)$ and it corresponds to $c_i$ for some $i \in \{1, \ldots, k\}$. By the assumption, there is a solution $(\theta, \{\sigma_1, \ldots, \sigma_k\})$ for the constraint system $\mathcal{C} = (C(\Pi), \preceq)$. Now $c_i$ must be a simple constraint in $\mathcal{C}$, as the end sequent is ground. Let $(\theta_i, \sigma_i)$ be the solution to $c_i$, where $\theta_i$ is a restriction to $\theta$ containing $x$ and $y$, and $\sigma_i \in \{\sigma_1, \ldots, \sigma_k\}$. By definition of the solution to a simple constraint, $\sigma_i$ is a derivation of $\mathcal{G} \vdash_R (x\theta_i, y\theta_i \triangleright w)$. Therefore in $LS^{sf}_{BBI}$, to derive the end sequent, we apply $*R$ backwards:

\[
\begin{array}{cl}
S(\mathcal{G}, \sigma_i) \| \Gamma \vdash x\theta_i : A; w : A * B; \Delta \qquad S(\mathcal{G}, \sigma_i) \| \Gamma \vdash y\theta_i : B; w : A * B; \Delta & \\ \hline
\mathcal{G} \| \Gamma \vdash w : A * B; \Delta & *R
\end{array}
\]

The condition on this rule is $\mathcal{G} \vdash_R (x\theta_i, y\theta_i \triangleright w)$. Now we construct the derivation for both branches in the following way. Firstly we substitute $x$ and $y$ with $x\theta_i$ and $y\theta_i$ respectively in $\Pi_1$ and $\Pi_2$, making the end sequents in the two derivations ground. Let us refer to the modified derivations as $\Pi_1'$ and $\Pi_2'$ respectively. Then for each sequent in $\Pi_1'$ and $\Pi_2'$ and each constraint in $C(\Pi_1') \cup C(\Pi_2')$, we change the set of relational atoms to be the union of $S(\mathcal{G}, \sigma_i)$ and the original one. This is harmless because we can use weakening to obtain the same sequents as in $\Pi_1'$ and $\Pi_2'$, and weakening is height-preserving admissible. Let the resultant derivations be $\Pi_1''$ and $\Pi_2''$ respectively. Now the end sequents of $\Pi_1''$ and $\Pi_2''$ are respectively just the same as the two branches we created in the $LS^{sf}_{BBI}$ derivation. Moreover,
each constraint in C{n'{) U 0(112) is in the restricted constraint system C = 
{C{n), :<^) t (ci, 9i, (Ji), which has a solution [9 \ 9i, {cti, ■ • • , ct^} \ at), and 
obeys the partial order Further, as 77" (resp. 772 ) ^^^^ the same rule 
applications as in 77i (resp. 772), the order of constraints is preserved. That 
is, in the constraints system Ci = (C(77('), ^^") (resp. C2 = (C(77^')> ^^"')): 
if c c' (resp. c :<^'^ c') then c ^' c' in C Therefore we can construct 
the solution (0", Si) to Ci (and analogously to C2) as follows. 

9'l = {9\9,)UviC{n'{j) 

Si — {a \ c C(77"), (T G {(Ti, ■ • • , (Tfc} \ iTi, and a — dev{c)} 

By the induction hypothesis, we can obtain a $LS^{sf}_{BBI}$ derivation for each branch. □



A.14 Completeness of $FVLS_{BBI}$

Proof of Theorem 7.

Proof. We describe the construction from a LS^^^j derivation 77 to a FVLSbbi 
derivation 77'. We need to prove a stronger invariant: for each sequent GE',Gs\\r h 
A in 77, if there exists a triple consisting of: 

— a symboHc sequent GeW^' \^ A', 

— a well- formed constraint system C = (C, ^), 

— and a solution 5* = (0, {cr}) to C 

such that 

- X isa thread of C consisted of fviG'sWr' h A'), 

- G'eO = Ge, r'9 = r, A'9 = A and 

- GeVJGs = S*(<C,S,X), 



then there is a symbohc derivation ^ of Q'^Wr' h A' such that C o^^ C(!f') is 
well-formed and solvable. 

First of all, by Lemma [TUl since the end sequent in tf/ only contains the free 
variables occur in X, the composition C o'^ C(!f') must be well-formed. Thus 
we only need to show that there is a solution to this constraint system. We 
prove this by case analysis on the last rule in 77, and show that in each case, 
for each premise of the rule, one can find a triple satisfying the above property, 
such that the symbolic sequent(s) in the premise(s), together with the one in the 
conclusion form a valid inference in FVLS bbi ■ We illustrate it here with a case 
when 77 ends with *7?: 

Suppose 77 ends with ^T?, where the conclusion, the premises, and the rela- 
tional entailment are respectively: 

- gE\gs\\rhw:A*B;A 

- S{{gE;gs),<j)\\r h wi : A;w: A* B;A 

- S{{gE;gs),'j)\\r h W2 : B;w: A* B;A 

- gE'.gs {wi,W2 > w) 

and suppose that the relation in the last item is derived via cr. Suppose that we 
can find a triple consisting of 

- a symbolic sequent ^^||7^' h w : A* B; A' 

- a well- formed constraint system C = (C, ^), and 

- a solution S = {9, {ai, . . . , (t„}) to C 

satisfying the following: 

- X isa thread of C consisted of fv{g'j^\\r' h w : A * B; A'), 

- g'E^ = gE, r'e = r, A'e ^a,w^w0 and 

- gEugs^s*ic,s,x). 

We need to show that we can find such triples for the premises, and more im- 
portantly, the symbolic sequents in the premises are related to the symbolic 
sequent in the conclusion via *R. In this case, the symbolic sequents are simply 
the following: 

1. ^^||r' h X : A; w : A * B; A', for the left premise, 

2. g'^\\r"r y : A;w : At= B; A', for the right premise. 

The constraint systems are: C = (C U {cj},^') for both premises, where Cj = 
G'e '~h (^lyi^w) and <' is < extended with c{end{X)) ^' Cj. The solutions, 
for both premises, are the tuple S' = {6' ,S) where 0' — {yi ^ wi, y ^ 
W2} and S — {cti, . . . , cr„, ct}. It is guaranteed that 9' is enough to make both 
premises grounded, as x and y are the only two new free variables. The threads 
of free variables Xi and X2 for the two premises are naturally X@[x] and X@[y] 
respectively. By Proposition [TJ in each premise, the following holds: 



So by the induction hypothesis we have a symboUc derivation 11 [ for sequent (1) 
and a symbohc derivation TJj for sequent (2), such that C^i = C'o"^i C(7T{) and 
C^2 ~ C C(7T2) are both solvable. Suppose the solutions are respectively 
{0' U 01, S U Si) and {9' U 02, S U S2)- Then construct 77' by applying the *7? 
rule to 77( and 772- Note that the variables created in 77( are 772 ^^'^ distinct 
so their constraints are independent of each other. So we can construct Cp = 
C(7T{) C(772) = (Cp, ^p), along an empty thread 0. Now C(7T') is obtained as 
(Cp U {Cj}, ), where is derived as follows. 

- If c ^p c' in Cp, then c c' in C(77') 

— For any minimum constraint Cm in Cp, Cj <^ Cm in C{n') 

The solution to Cq = C o"^ C(7T') is constructed as the combination of the 
solutions to C/31 and C^2: {0' U 6*1 U 02, U U U2)- This construction of the 
solution is indeed valid, because the symbolic derivation that gives Cq, also yields 
exactly C^i and C^2 (respectively on its two branches created by the *R rule). 

□ 



A.15 The Proof of the Heuristic Method 

In the following proofs we use the tree representation of a set of relational atoms. 
Given a labelled binary tree tr as defined in Section [HI we say another labelled 
binary tree tr' is a permutation of tr if they have the same root and same multiset 
of leaves. A permutation on $tr$ is generally done by applying the rules $E$, $A$ on $Rel(tr)$. Figure 11 gives some examples of tree permutations. In Figure 11, (b) is permuted from (a) by using $E$ on $(d, e \triangleright b)$, whereas (c) is permuted from (a) by using $A$ on the two relational atoms in the original tree.




Fig. 11. Examples of tree permutations. 



Lemma 25. Let $tr$ be a labelled binary tree with a root labelled with $r$ and a multiset of labels $L$ for the leaves. If there is a labelled binary tree $tr'$ with the same root and leaves labels respectively, then there is a variant $tr''$ of $tr'$ and a sequence $\sigma$ of $E$, $A$ rule applications such that $Rel(tr'') \subseteq S(Rel(tr), \sigma)$.



Proof. By induction on the width of the tree $tr$. We show that any distinct permutation (i.e., they are not variants of each other) of a tree can be achieved by using the rules $E$ and $A$. The base case is when there are only two leaves in $tr$. In this case, there is only one relational atom in $Rel(tr)$, thus clearly there is only one distinct permutation of $tr$, which can be obtained by applying $E$ on $Rel(tr)$.

The next case is when there are 3 leaves in the tree, meaning $Rel(tr)$ contains two relational atoms. In this case, it can be easily checked that there are 12 distinct permutations of $tr$, all of which can be derived by using $E$ and $A$.

Inductive case: suppose the lemma holds for all trees with width less than $n$, and consider a tree $tr$ with width $n$. Suppose further that the root label of $tr$ is $r$, its two children are in the relational atom $(w_1, w_2 \triangleright r)$, and the multisets of leaves labels for the subtrees of $w_1$ and $w_2$ are $L_1$, $L_2$ respectively. Let $tr'$ be a permutation of $tr$ with the same root label and leaves labels, and in $tr'$ the two children of the root label are in the relational atom $(w_3, w_4 \triangleright r)$. Suppose the multisets of leaves labels for the subtrees of $w_3$, $w_4$ are $L_3$, $L_4$ respectively. Since $L_1 \cup L_2 = L_3 \cup L_4 = L$, every label in $L_3$ is either in $L_1$ or in $L_2$. Let $L' = L_1 \cap L_3$ and $L'' = L_2 \cap L_3$, then $L' \cup L'' = L_3$ and $(L_1 \setminus L') \cup (L_2 \setminus L'') = L_4$. By the induction hypothesis on the subtrees of $w_1$ and $w_2$, there exist $w_5$, $w_6$, $w_7$, $w_8$ s.t. $(w_5, w_6 \triangleright w_1)$, $(w_7, w_8 \triangleright w_2)$ hold, and the subtrees of $w_5$, $w_6$, $w_7$, $w_8$ give the multisets of leaves $L'$, $(L_1 \setminus L')$, $L''$, $(L_2 \setminus L'')$ respectively. Then we use the following derivation to permute the tree:



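\[
\begin{array}{cl}
(w'', w''' \triangleright r); (w_6, w_8 \triangleright w'''); (w_5, w_7 \triangleright w''); \cdots & \\ \hline
(w', w_6 \triangleright r); (w'', w_8 \triangleright w'); (w_5, w_7 \triangleright w''); \cdots & A \\ \hline
(w_6, w' \triangleright r); (w_8, w'' \triangleright w'); (w_5, w_7 \triangleright w''); \cdots & E \\ \hline
(w_6, w' \triangleright r); (w_2, w_5 \triangleright w'); (w_8, w_7 \triangleright w_2); \cdots & A \\ \hline
(w_6, w' \triangleright r); (w_2, w_5 \triangleright w'); (w_7, w_8 \triangleright w_2); \cdots & E \\ \hline
(w_6, w_5 \triangleright w_1); (w_7, w_8 \triangleright w_2); (w_1, w_2 \triangleright r); \cdots & A \\ \hline
(w_5, w_6 \triangleright w_1); (w_7, w_8 \triangleright w_2); (w_1, w_2 \triangleright r); \cdots & E
\end{array}
\]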

Now the subtrees of $w''$ and $w'''$ have the same multisets of leaves as $w_3$ and $w_4$ respectively. Again by the induction hypothesis on the subtrees of $w''$ and $w'''$, we obtain a tree $tr''$ which is a variant of $tr'$. □
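
The three-leaf count used in the proof above can be checked mechanically. The following Python sketch is an added example, not code from the paper: it models $E$ and $A$ as rewrites on trees, names each internal node by the subtree below it (an assumption standing in for the fresh labels created by $A$, so that variants coincide), and goes one step beyond the text by also checking four leaves. All function names are hypothetical.

```python
from collections import deque

# Added illustration, not the paper's implementation. A labelled binary tree
# is a leaf label (str) or a pair (left, right). Internal nodes are named by
# the subtree below them, standing in for the fresh labels that rule A
# creates, so trees that differ only in internal labels (variants) coincide.

def label(tree):
    """Canonical label of a node: the leaf name, or a name built from its subtree."""
    if isinstance(tree, str):
        return tree
    return "(" + label(tree[0]) + "." + label(tree[1]) + ")"

def rel(tree, root):
    """Rel(tr): one atom (left, right, parent), read (left, right |> parent), per internal node."""
    if isinstance(tree, str):
        return set()
    left, right = tree
    atoms = {(label(left), label(right), root)}
    return atoms | rel(left, label(left)) | rel(right, label(right))

def steps_here(tree):
    """Trees obtained by one use of E or A on the atom whose parent is this node."""
    if isinstance(tree, str):
        return
    left, right = tree
    yield (right, left)                 # E: (x, y |> z) gives (y, x |> z)
    if not isinstance(left, str):
        u, v = left                     # A: (x, y |> z); (u, v |> x) gives
        yield (u, (right, v))           #    (u, w |> z); (y, v |> w), w fresh

def steps(tree):
    """All trees one E or A application away, applied at any node."""
    if isinstance(tree, str):
        return
    yield from steps_here(tree)
    left, right = tree
    for new_left in steps(left):
        yield (new_left, right)
    for new_right in steps(right):
        yield (left, new_right)

def reachable(tree):
    """Breadth-first closure of a tree under E and A."""
    seen = {tree}
    queue = deque([tree])
    while queue:
        for nxt in steps(queue.popleft()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def all_trees(leaves):
    """Every ordered binary tree whose leaves are exactly the given distinct labels."""
    leaves = tuple(leaves)
    if len(leaves) == 1:
        return {leaves[0]}
    trees = set()
    for mask in range(1, 2 ** len(leaves) - 1):   # non-empty proper subsets
        left = [x for i, x in enumerate(leaves) if (mask >> i) & 1]
        right = [x for i, x in enumerate(leaves) if not (mask >> i) & 1]
        for l in all_trees(left):
            for r in all_trees(right):
                trees.add((l, r))
    return trees
```

Every tree returned by `reachable` corresponds to a subset of $S(Rel(tr), \sigma)$ for the sequence $\sigma$ of $E$, $A$ steps that reached it, up to renaming of internal labels.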



Proof of Lemma [TT] 

Proof. The lemma restricts the labels of internal nodes to be free variables that are created after all the labels on the left hand side. Additionally, each free variable is only allowed to occur once in a tree. Therefore given a set $\mathcal{G}$ of relational atoms as the left hand side of those constraints, and any sequence $\sigma$ of structural rule applications, the free variable labels for internal nodes can be assigned to any labels occurring in $S(\mathcal{G}, \sigma)$. By Lemma 25, there exists a sequence $\sigma$ of $E$, $A$ applications which converts the tree on the left hand side to a tree which is a variant of the one on the right hand side, thus those constraints can be solved by assigning the free variables in the internal nodes to the corresponding labels. □



A.16 Proof of Formulae in the Conclusion

In this section we show the proofs of the four formulae in the conclusion. We extend $LS_{BBI}$ in the obvious way to handle the additive connectives $\neg$ and $\lor$, where $\neg p = p \to \bot$ and $p \lor q = \neg(\neg p \land \neg q)$. Thus we obtain the left and right rules for $\lor$ as in the classical setting. To save space, we shall write $r^n$ to mean the rule $r$ is applied $n$ times, and write $r_1; r_2$ to mean apply $r_1$ then apply $r_2$ on a sequent, when the order of rule applications does not matter.

1. To prove the formula $(F * F) \to F$, where $F = \neg(\top {-\!*} \neg\top^*)$, we use the following derivation in $LS_{BBI}$.



{w',w" e); (&', c' o w"); (6, c> to'); (6, c > a); • • • ^ 
(w', c' > to); (to, b' t> e);- ■ ■ 
{c',w' >w); (6,0 to'); (&', to > e); • • • 
(&', TO > e); (e, b > w); (c', c> e); ■ • • ^ 

(b, e> g); (b', bt>e); (c', c t> e); (e, e > e); ■ ■ ■ 

(fe,cl>a);(6',6>e); (c',c>e);a : T-* -,T*;b' : T, c' : T h 



(&, c> a); (6', b > &"); (c', c> c"); a : T-n -.T*; t 


/ : T,c' 


: T;6" : T*;c" : T* h 


(6, c t> o); (6', 6 > 6"); (c', c> c"); o : T-i= -.T*; 6' 


:T,c': 


T I-:' : -.T*;c" : -.T* 



* r 2 



(&. c > a); a : T— * -iT* h : T— * -iT*; c : T— * ^T* 
L_ : ,]^^ 

(6, CO a); 6 : -i(T— * -iT*);c : -1(7-* -.T*) h a : -i(T— * -iT*) 

a:F*F\-a:F I *^ 
ri 



R 



\-a:{F*F)^F 

The correct relational atom that is required to split $a : \top {-\!*} \neg\top^*$ is $(w'', a \triangleright \epsilon)$. However, in the labelled sequent calculus we can only obtain $(w'', w' \triangleright \epsilon)$. Although $w'$ and $a$ both have exactly the same children, the non-deterministic monoid allows the composition $b \circ c$ to be multiple elements,
or even in A^. Thus we cannot conclude that w' = a. This can be solved 
by using P to replace w' by a, then use E to obtain {w", a> e) on the left 
hand side of the sequent, then the derivation can go through: 

(to", a >£);••• ;l-e:T* ^ 

~'L — — T. ^ \ T. — — TR 



(w", a > e); ■ • • ; e : -.T* h (to", a > e); ■ ■ ■ h to" : T 

(»",«>£);•■■ ;a : T-* ^T*;6' : T,c' : T h * 

2. The trick to prove $(\neg\top^* {-\!*} \bot) \to \top^*$ is to create a relational atom $(w, w \triangleright w')$, as shown below.



(e, £I>to'); • • • h e : T* 



(w, TO > to'); • • • ; TO : T* h TO : T* 
(to, to > w'); -iT*; to : T* 



(w, TO > to'); • • • ; to' : -L h to : T* 



(w, TO > to'); to : -iT*— * ± h to : T* 



TO : -iT*— * _L h TO : T* 
h TO : (-.T*^ _L) T* 



T 



3. The proof for $(\top^* \land ((p * q) {-\!*} \bot)) \to ((p {-\!*} \bot) \lor (q {-\!*} \bot))$ is as follows.



; id i id 

■■■ ■,c: q\- c: q;--- ■ ■ ■ ; a : p h a : p; • • • 

1 ^ H TT -Li 

(a, cl>e);---;a:p;c:g|-e:p*g;--- •••e:±|---- 

(e, e > e); (a, c> e); (a, e > 6); (c, e > d); e : (p * g)— * -L; a : p; c : g h 6 : _L; d : _L 

(a, O e); (a, e > 6); (c, e > d); e : (p * g)— * -L; a : p; c : g h 6 : _L; d : -L 

(a, £ > 6); (c, e > d); e : (p * g)^ -L; a : p; c : g I- 6 : -L; d : ± ^ 

$\epsilon : (p * q) {-\!*} \bot \vdash \epsilon : p {-\!*} \bot; \epsilon : q {-\!*} \bot$
$w : \top^*; w : (p * q) {-\!*} \bot \vdash w : p {-\!*} \bot; w : q {-\!*} \bot$
$w : \top^* \land ((p * q) {-\!*} \bot) \vdash w : (p {-\!*} \bot) \lor (q {-\!*} \bot)$
$\vdash w : (\top^* \land ((p * q) {-\!*} \bot)) \to ((p {-\!*} \bot) \lor (q {-\!*} \bot))$

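4. The proof for $\neg(\top^* \land A \land (B * \neg(C {-\!*} (\top^* \to A))))$ in $LS_{BBI}$ is as follows.

\[
\begin{array}{cl}
(c, b \triangleright \epsilon); (a, b \triangleright \epsilon); \epsilon : A; a : B; c : C \vdash \epsilon : A & id \\ \hline
(c, b \triangleright d); (a, b \triangleright \epsilon); \epsilon : A; a : B; c : C; d : \top^* \vdash d : A & \top^* L \\ \hline
(c, b \triangleright d); (a, b \triangleright \epsilon); \epsilon : A; a : B; c : C \vdash d : \top^* \to A & \to R \\ \hline
(a, b \triangleright \epsilon); \epsilon : A; a : B \vdash b : C {-\!*} (\top^* \to A) & {-\!*}R \\ \hline
(a, b \triangleright \epsilon); \epsilon : A; a : B; b : \neg(C {-\!*} (\top^* \to A)) \vdash & \neg L \\ \hline
\epsilon : A; \epsilon : B * \neg(C {-\!*} (\top^* \to A)) \vdash & *L \\ \hline
w : \top^*; w : A; w : B * \neg(C {-\!*} (\top^* \to A)) \vdash & \top^* L \\ \hline
w : \top^* \land A \land (B * \neg(C {-\!*} (\top^* \to A))) \vdash & \land L \\ \hline
\vdash w : \neg(\top^* \land A \land (B * \neg(C {-\!*} (\top^* \to A)))) & \neg R
\end{array}
\]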



